There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions.
References
Configurations
History
22 May 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
Summary | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user into executing unwanted actions. |
16 May 2023, 18:46
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-security-2023-update-1-patch-8095 - Release Notes | |
References | (MISC) https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2023-update-1-patch-is-now-available/ - Vendor Advisory | |
First Time |
Esri
Esri portal For Arcgis |
|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 8.8 |
CPE | cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:* |
09 May 2023, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-05-09 21:15
Updated : 2024-02-01 14:55
NVD link : CVE-2023-25832
Mitre link : CVE-2023-25832
CVE.ORG link : CVE-2023-25832
JSON object : View
Products Affected
esri
- portal_for_arcgis
CWE
CWE-352
Cross-Site Request Forgery (CSRF)