In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.
References
Configurations
History
17 Aug 2022, 16:10
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/ - Vendor Advisory | |
CWE | CWE-311 | |
CPE | cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.5 |
First Time |
Esri
Esri portal For Arcgis |
16 Aug 2022, 17:47
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-08-16 17:15
Updated : 2023-12-10 14:35
NVD link : CVE-2022-38194
Mitre link : CVE-2022-38194
CVE.ORG link : CVE-2022-38194
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-311
Missing Encryption of Sensitive Data