CVE-2024-25699— Esri Portal For ArcGIS 授权问题漏洞
新しい脆弱性情報の通知を購読するログインして購読
I. CVE-2024-25699の基本情報
脆弱性情報
脆弱性についてご質問がありますか?Shenlongの分析が参考になるかご確認ください!
Shenlongの10の質問を表示 ↗ 高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
Portal for ArcGIS has an invalid authentication vulnerability
ソース: NVD (National Vulnerability Database)
脆弱性説明
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.
ソース: NVD (National Vulnerability Database)
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
ソース: NVD (National Vulnerability Database)
脆弱性タイプ
认证机制不恰当
ソース: NVD (National Vulnerability Database)
脆弱性タイトル
Esri Portal For ArcGIS 授权问题漏洞
ソース: CNNVD (China National Vulnerability Database)
脆弱性説明
Esri Portal For ArcGIS是美国环境系统研究所(Esri)公司的一种允许在组织内与其他人共享地图、场景、应用程序和其他地理信息的组件。 Esri Portal For ArcGIS 存在授权问题漏洞,该漏洞源于存在不正确的身份验证漏洞。
ソース: CNNVD (China National Vulnerability Database)
CVSS情報
N/A
ソース: CNNVD (China National Vulnerability Database)
脆弱性タイプ
N/A
ソース: CNNVD (China National Vulnerability Database)
影響を受ける製品
| ベンダー | プロダクト | 影響を受けるバージョン | CPE | 購読 |
|---|---|---|---|---|
| Esri | Portal for ArcGIS | all ~ <= 11.2 | - |
II. CVE-2024-25699の公開POC
| # | POC説明 | ソースリンク | Shenlongリンク |
|---|
AI生成POCプレミアム
公開POCは見つかりませんでした。
ログインしてAI POCを生成III. CVE-2024-25699のインテリジェンス情報
请登录查看更多情报信息。
Same Patch Batch · Esri · 2024-04-04 · 13 CVEs total
| CVE-2024-25693 | 9.9 CRITICAL | Portal for ArcGIS has a directory traversal vulnerability. |
| CVE-2024-25695 | 7.2 HIGH | concatenated errors resulting in cross site scripting and frame injection issues. |
| CVE-2024-25698 | 6.1 MEDIUM | Reflected XSS in Portal for ArcGIS |
| CVE-2024-25706 | 6.1 MEDIUM | HTMLi at createFolder Content Injection |
| CVE-2024-25709 | 6.1 MEDIUM | Self-XSS style in move item dialog |
| CVE-2024-25692 | 5.4 MEDIUM | BUG-000154722 - Cross-site request forgery (CSRF) issue in Portal for ArcGIS |
| CVE-2024-25697 | 5.4 MEDIUM | Stored XSS in Portal for ArcGIS |
| CVE-2024-25705 | 5.4 MEDIUM | Cross site scripting issue in embed widget |
| CVE-2024-25696 | 4.8 MEDIUM | Stored XSS in Portal for ArcGIS |
| CVE-2024-25700 | 4.8 MEDIUM | Persistent XSS in URL added to a shared map |
| CVE-2024-25708 | 4.8 MEDIUM | Persistent XSS when creating new application using Web App Builder |
| CVE-2024-25690 | 4.7 MEDIUM | HTML injection in ArcGIS Web AppBuilder |
IV. 関連脆弱性
同じ製品: Portal for ArcGIS
- CVE-2026-33519
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-33518
Incorrect privilege assignment in Portal for ArcGIS - CVE-2025-57871
BUG-000174020 - Reflected XSS vulnerability identified in Po - CVE-2025-57872
BUG-000174150 - Unvalidated redirect in Portal for ArcGIS. - CVE-2025-57873
BUG-000175222 - Reflected XSS vulnerability in Portal for Ar
同じベンダー: Esri
- CVE-2026-33519
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-33518
Incorrect privilege assignment in Portal for ArcGIS - CVE-2026-1446
XSS issue is Esri ArcGIS Pro versions 3.6.0 and earlier - CVE-2025-67711
Reflected XSS vulnerability in ArcGIS Server. - CVE-2025-67710
Stored XSS vulnerability in ArcGIS Server
同じ弱点: CWE-287
- CVE-2026-8244
Industrial Application Software IAS Canias ERP Login RMI imp - CVE-2026-8216
Industrial Application Software IAS Canias ERP Java RMI Sess - CVE-2026-8214
Industrial Application Software IAS Canias ERP RMI doAction - CVE-2026-42560
auth: Patreon provider assigns the same local user ID to eve - CVE-2026-41070
openvpn-auth-oauth2 returns FUNC_SUCCESS on client-deny, all
V. CVE-2024-25699へのコメント
まだコメントはありません