Esri — Vulnerabilities & Security Advisories 147

Browse all 147 CVE security advisories affecting Esri. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Esri develops geographic information system (GIS) software, enabling organizations to map, analyze, and visualize spatial data for urban planning, logistics, and environmental management. The company’s extensive portfolio, including ArcGIS Server and Portal for ArcGIS, has historically been associated with 147 recorded Common Vulnerabilities and Exposures (CVEs). These security flaws predominantly involve remote code execution, cross-site scripting, and privilege escalation, often stemming from improper input validation or insecure default configurations in web-facing components. While no single catastrophic breach has defined the vendor’s public history, the high volume of vulnerabilities highlights the complexity of securing large-scale enterprise GIS deployments. Many issues require administrative access to exploit, yet successful attacks can lead to full system compromise or data exfiltration. Continuous patching and strict network segmentation remain critical for mitigating risks associated with these legacy and modern software components within critical infrastructure environments.

Found 50 results / 147

| CVE ID | Title | Product | CWE | CVSS | Severity | Published |
|---|---|---|---|---|---|---|
| CVE-2023-25833 | BUG-000155004 HTML injection issue in Portal for ArcGIS. | Portal for ArcGIS | CWE-80 | 5.4 | Medium | 2023-05-10 |
| CVE-2023-25831 | BUG-000154236 There is a reflected cross-site scripting (XSS) vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25830 | BUG-000154662 Reflected XSS vulnerability in Portal for ArcGIS | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25829 | BUG-000155001 - Unvalidated redirect in Portal for ArcGIS. | Portal for ArcGIS | CWE-601 | 6.1 | Medium | 2023-05-09 |
| CVE-2023-25834 | BUG-000142922 Incomplete permission changes in specific cases. | Portal for ArcGIS | CWE-269 | 5.4 | Medium | 2023-05-09 |
| CVE-2023-25832 | BUG-000148346 There is a Cross-Site Request Forgery (CSRF) vulnerability in Portal for ArcGIS. | Portal for ArcGIS | CWE-352 | 8.8 | High | 2023-05-09 |
| CVE-2022-38203 | The allowedProxyHosts property is not fully honored in ArcGIS Enterprise (10.8.1 and 10.7.1 only) | Portal for ArcGIS | CWE-918 | 7.5 | High | 2022-12-30 |
| CVE-2022-38189 | There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. | Portal for ArcGIS | CWE-79 | 5.4 | Medium | 2022-08-16 |
| CVE-2022-38184 | There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 | Portal for ArcGIS | CWE-284 | 7.5 | High | 2022-08-16 |
| CVE-2022-38192 | There is a stored cross-site scripting (XSS) vulnerability in ArcGIS API for JavaScript. | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2022-08-16 |
| CVE-2022-38193 | Code injection issue in Portal for ArcGIS (10.7.1 and 10.8.1) | Portal for ArcGIS | CWE-95 | 6.1 | Medium | 2022-08-16 |
| CVE-2022-38194 | Portal for ArcGIS system properties are not properly encrypted (10.8.1 only) | Portal for ArcGIS | CWE-311 | 6.7 | Medium | 2022-08-16 |
| CVE-2022-38191 | HTML injection vulnerability in Portal for ArcGIS | Portal for ArcGIS | CWE-74 | 6.1 | Medium | 2022-08-15 |
| CVE-2022-38187 | Prevent access to sharing/rest/content/features/analyze to unauthorized users | Portal for ArcGIS | CWE-918 | 7.5 | High | 2022-08-15 |
| CVE-2022-38188 | Esri Portal for ArcGIS cross-site scripting vulnerability | Portal for ArcGIS | CWE-79 | 6.1 | - | 2022-08-15 |
| CVE-2022-38190 | Stored cross-site scripting vulnerability in Esri Portal for ArcGIS Configurable Apps | Portal for ArcGIS | CWE-79 | 6.1 | Medium | 2022-08-15 |
| CVE-2022-38186 | Esri Portal for ArcGIS cross-site scripting vulnerability | Portal for ArcGIS | CWE-79 | 6.1 | - | 2022-08-15 |
| CVE-2021-29110 | Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store malicious strings in the home application. | Portal for ArcGIS | CWE-79 | 5.4 | - | 2021-10-01 |
| CVE-2021-29109 | A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9. | Portal for ArcGIS | CWE-79 | 6.1 | - | 2021-10-01 |
| CVE-2021-29108 | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below. | Portal for ArcGIS | CWE-347 | 8.8 | High | 2021-10-01 |

This page lists every published CVE security advisory associated with Esri. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.