First published: Thu Apr 04 2024(Updated: )
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow a remote, unauthenticated attacker to trick an authorized user into executing unwanted actions via a crafted form. The impact to Confidentiality and Integrity vectors is limited and of low severity.
Credit: psirt@esri.com
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
Esri Portal for ArcGIS | <=11.1 | |
Any of | ||
Linux Kernel | ||
Microsoft Windows Operating System |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2024-25692 is classified as a cross-site request forgery vulnerability with a potential risk for unauthorized actions.
To mitigate CVE-2024-25692, ensure you upgrade to Esri Portal for ArcGIS version 11.2 or later.
CVE-2024-25692 affects users of Esri Portal for ArcGIS version 11.1 and below.
Yes, CVE-2024-25692 can be exploited remotely by an attacker who tricks an authorized user into submitting a malicious request.
An attacker exploiting CVE-2024-25692 may execute unwanted actions on behalf of the authenticated user.