CVE-2021-29101— ArcGIS GeoEvent Server has a Directory Traversal security vulnerability.
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-29101
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ArcGIS GeoEvent Server has a Directory Traversal security vulnerability.
Source: NVD (National Vulnerability Database)
Vulnerability Description
ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
相对路径遍历
Source: NVD (National Vulnerability Database)
Vulnerability Title
Esri GeoEvent Server 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Esri GeoEvent Server是美国Esri公司的一个网络设备。用于跟踪移动资产,监视固定传感器,关注社交媒体提要,在地图上利用,分析和显示实时数据和物联网(IoT)数据。 GeoEvent Server 10.8.1版本存在安全漏洞,该漏洞源于允许未经验证的远程攻击者可利用该漏洞执行目录遍历攻击,并读取系统上的任意文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Esri | ArcGIS GeoEvent Server | All ~ 10.8.1 | - |
II. Public POCs for CVE-2021-29101
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2021-29101
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same vendor: Esri
- CVE-2026-33519
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-33518
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-1446
XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier - CVE-2025-67711
Reflected XSS vulnerability in ArcGIS Server. - CVE-2025-67710
Stored XSS vulnerability in ArcGIS Server
Same weakness: CWE-23
- CVE-2026-8209
Gibbon<30.0.01路径遍历漏洞导致拒绝服务 - CVE-2026-43533
OpenClaw < 2026.4.10 - Arbitrary Local File Read via QQBot M - CVE-2026-43616
Detect-It-Easy < 3.21 Path Traversal Arbitrary File Write - CVE-2026-42085
OpenC3 COSMOS: Arbitrary write to plugins directory via path - CVE-2026-22070
ColorOS Assistant Path Traversal Vulnerability
V. Comments for CVE-2021-29101
No comments yet