GCVE - cpe:2.3:a:esri:arcgis_server:10.1:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:esri:arcgis_server:10.1:*:*:*:*:*:*:*

part: a version: 10.1 update: *

Vendor	Esri (`7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82`)
Product	Arcgis Server (`4b5775bf-aef2-5392-b675-fe8157ab1e90`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2013-7231`	vulnerable	2026-06-03 14:33:34.276729	Details available Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors, a different vulnerability than CVE-2013-5222. Published: 2013-12-30T02:00:00.000Z Updated: 2024-09-17T01:21:00.243Z Open on db.gcve.eu Reference links http://support.esri.com/en/knowledgebase/techarticles/detail/41468 http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5222`	vulnerable	2026-06-03 14:33:20.855973	Details available Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors. Published: 2013-12-30T02:00:00.000Z Updated: 2024-08-06T17:06:52.291Z Open on db.gcve.eu Reference links http://support.esri.com/en/knowledgebase/techarticles/detail/41498 http://support.esri.com/en/knowledgebase/techarticles/detail/41494	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2013-5221`	vulnerable	2026-06-03 14:33:20.854969	Details available The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. Published: 2013-09-24T10:00:00.000Z Updated: 2024-08-06T17:06:52.372Z Open on db.gcve.eu Reference links http://support.esri.com/en/knowledgebase/techarticles/detail/41497 http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2012-4949`	vulnerable	2026-06-03 14:32:26.268764	Details available SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service. Published: 2012-11-14T11:00:00.000Z Updated: 2024-08-06T20:50:18.215Z Open on db.gcve.eu Reference links https://exchange.xforce.ibmcloud.com/vulnerabilities/79977 http://www.kb.cert.org/vuls/id/795644	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.