CVE-2021-29115: An information disclosure vulnerability
First published: Tue Dec 07 2021(Updated: )
An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.
Credit: psirt@esri.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Esri ArcGIS Enterprise | <=10.9 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID of this information disclosure vulnerability in ArcGIS Enterprise?
The vulnerability ID is CVE-2021-29115.
What is the severity level of CVE-2021-29115?
The severity level of CVE-2021-29115 is medium with a CVSS score of 5.3.
Which version of ArcGIS Enterprise is affected by CVE-2021-29115?
ArcGIS Enterprise versions 10.9.0 and below are affected by CVE-2021-29115.
What is the impact of the vulnerability CVE-2021-29115?
The vulnerability allows a remote attacker to view hidden field names in feature layers, revealing field names but not disclosing features.
How can I fix CVE-2021-29115?
To fix CVE-2021-29115, it is recommended to apply the ArcGIS Server Security 2021 Update 2 Patch, which is now available. Please refer to the Esri website for more details.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/references
- agent/severity
- agent/last-modified-date
- agent/weakness
- agent/title
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/tags
- vendor/esri
- canonical/esri arcgis enterprise
- version/esri arcgis enterprise/10.9