What is CVE-2022-38198?

CVE-2022-38198 is a reflected cross-site scripting vulnerability in Esri ArcGIS Server services directory versions 10.9.1 and below.

What is the severity of CVE-2022-38198?

CVE-2022-38198 has a severity rating of 6.1, which is considered medium.

How can I fix CVE-2022-38198?

To fix CVE-2022-38198, you should apply the security update provided by Esri in their ArcGIS Server Security 2022 Update 1 patch.

Where can I find more information about CVE-2022-38198?

You can find more information about CVE-2022-38198 in the Esri ArcGIS Server Security 2022 Update 1 patch. Visit the provided reference link to access the patch.

Vulnerability/
CVE-2022-38198

medium

6.1

CWE

25/10/2022

16/9/2024

CVE-2022-38198: BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server

Q: How does CVE-2022-38198 impact Esri ArcGIS Server services directory?

CVE-2022-38198 allows a remote, unauthenticated attacker to execute arbitrary JavaScript code in the victim's browser by convincing them to click on a specially crafted link.

First published: Tue Oct 25 2022(Updated: )

There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser.

Credit: psirt@esri.com

Affected Software	Affected Version	How to fix
Esri ArcGIS Server	<=10.9.1

Remedy

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch

Remedy

a. Disable the ArcGIS Services directory b. Install ArcGIS for Server Security 2022 Update 1 Patch

Never miss a vulnerability like this again

Reference Links

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch

Frequently Asked Questions

What is CVE-2022-38198?
CVE-2022-38198 is a reflected cross-site scripting vulnerability in Esri ArcGIS Server services directory versions 10.9.1 and below.
How does CVE-2022-38198 impact Esri ArcGIS Server services directory?
CVE-2022-38198 allows a remote, unauthenticated attacker to execute arbitrary JavaScript code in the victim's browser by convincing them to click on a specially crafted link.
What is the severity of CVE-2022-38198?
CVE-2022-38198 has a severity rating of 6.1, which is considered medium.
How can I fix CVE-2022-38198?
To fix CVE-2022-38198, you should apply the security update provided by Esri in their ArcGIS Server Security 2022 Update 1 patch.
Where can I find more information about CVE-2022-38198?
You can find more information about CVE-2022-38198 in the Esri ArcGIS Server Security 2022 Update 1 patch. Visit the provided reference link to access the patch.

collector/nvd-index
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/references
agent/weakness
agent/title
agent/remedy
agent/severity
agent/author
agent/last-modified-date
agent/tags
agent/event
agent/description
agent/first-publish-date
vendor/esri
canonical/esri arcgis server
version/esri arcgis server/10.9.1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.