漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Weak Password Recovery Mechanism in Portal for ArcGIS
Vulnerability Description
A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an email server with ArcGIS Enterprise to facilitate user self-service password recovery. The ability for an administrator to reset a user’s password remains unchanged.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
忘记口令恢复机制弱
Vulnerability Title
Esri Portal for ArcGIS 授权问题漏洞
Vulnerability Description
Esri portal for arcgis是美国Esri公司的一套地理信息门户平台。 Esri Portal for ArcGIS 12.1及之前版本存在授权问题漏洞,该漏洞源于弱密码恢复机制,可能导致远程未经授权的攻击者操纵此机制接管用户账户。
CVSS Information
N/A
Vulnerability Type
N/A