Esri — Vulnerabilities & Security Advisories 149

Browse all 149 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Esri develops geographic information system (GIS) software, enabling organizations to map, analyze, and visualize spatial data for urban planning, logistics, and environmental management. The company’s extensive portfolio, including ArcGIS Server and Portal for ArcGIS, has historically been associated with 147 recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations in web-facing components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities highlights the complexity of securing large-scale enterprise GIS deployments. Many issues require administrative access to exploit, yet successful attacks can lead to full system compromise or data exfiltration. Continuous patching and strict network segmentation remain critical for mitigating risks associated with these legacy and modern software components within critical infrastructure environments.

Found 56 results / 149

| CVE ID | Title | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-51945 | Stored XSS issues in Server Admin API — ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51944 | Stored XSS in Rest Services Directory — ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-51942 | Stored XSS vulnerability in Rest Admin API under Hosted Feature Services page — ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-10904 | Stored XSS in Server Admin API — ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2024-5888 | Stored XSS in Rest Services API for a Toolbox published as GP Service — ArcGIS Server | CWE-79 | 4.8 | Medium | 2025-03-03 |
| CVE-2022-38202 | BUG-000152121 - Directory traversal vulnerability in ArcGIS Server. — ArcGIS Server | CWE-23 | 7.5 | High | 2022-12-28 |
| CVE-2022-38195 | BUG-000150540 - Reflected XSS vulnerability in ArcGIS Server — ArcGIS Server | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38196 | BUG-000150537 - ArcGIS Server has a local file inclusion (LFI) vulnerability — ArcGIS Server | CWE-22 | 6.5 | Medium | 2022-10-25 |
| CVE-2022-38197 | BUG-000148347 Unvalidated redirect issues in ArcGIS Server. — ArcGIS Server | CWE-601 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38198 | BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server — ArcGIS Server | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38199 | BUG-000144172 - Remote file download issue in ArcGIS Server — ArcGIS Server | CWE-494 | 6.1 | Medium | 2022-10-25 |
| CVE-2022-38200 | BUG-000142376 - Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server. — ArcGIS Server | CWE-79 | 6.1 | Medium | 2022-10-25 |
| CVE-2021-29116 | BUG-000142180 Hosted feature services vulnerable to stored XSS — ArcGIS Server | CWE-79 | 6.1 | - | 2021-12-07 |
| CVE-2021-29115 | An information disclosure vulnerability — ArcGIS Server | CWE-200 | 5.3 | - | 2021-12-07 |
| CVE-2021-29114 | SQL injection vulnerability in ArcGIS Server — ArcGIS Server | CWE-89 | 9.8 | - | 2021-12-07 |
| CVE-2021-29113 | Remote file inclusion vulnerability in ArcGIS Server help documentation — ArcGIS Server | CWE-98 | 4.7 | - | 2021-12-07 |
| CVE-2021-29104 | There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. — ArcGIS Server | CWE-79 | 6.1 | - | 2021-07-11 |
| CVE-2021-29102 | There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. — ArcGIS Server | CWE-918 | 7.5 | - | 2021-07-11 |
| CVE-2021-29103 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. — ArcGIS Server | CWE-79 | 6.1 | - | 2021-07-11 |
| CVE-2021-29105 | There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below. — ArcGIS Server | CWE-79 | 5.4 | - | 2021-07-11 |
| CVE-2021-29106 | There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. — ArcGIS Server | CWE-79 | 6.1 | - | 2021-07-10 |
| CVE-2021-29107 | There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. — ArcGIS Server | CWE-79 | 6.1 | - | 2021-07-10 |
| CVE-2021-29099 | There is a SQL injection vulnerability in ArcGIS Server — ArcGIS Server | CWE-89 | 5.3 | - | 2021-06-07 |
| CVE-2021-29095 | ArcGIS Server image service and raster analytics security update: uninitialized pointer — ArcGIS Server | CWE-824 | 6.8 | - | 2021-03-25 |
| CVE-2021-29094 | ArcGIS Server image service and raster analytics security update: buffer overflow — ArcGIS Server | CWE-120 | 6.8 | - | 2021-03-25 |
| CVE-2021-29093 | ArcGIS Server image service and raster analytics security update: use-after-free — ArcGIS Server | CWE-416 | 6.8 | - | 2021-03-25 |

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.