Esri Portal for ArcGIS 11.4
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:portal_for_arcgis:11.4:-:*:*:*:*:*:*
part: a version: 11.4 update: -
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Portal For Arcgis (4a9585b9-e85b-56ed-a5e6-c7c2789574cc) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2026-33519 |
vulnerable | 2026-06-03 15:20:44.999346 |
Incorrect privilege assignment in Portal for ArcGIS
CRITICAL (9.8)
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check permissions assigned to developer credentials.
Published: 2026-04-21T20:38:28.573Z
Updated: 2026-04-23T03:56:07.946Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57879 |
vulnerable | 2026-06-03 15:05:00.202783 |
BUG-000171009 - URL manipulation vulnerability in Portal for ArcGIS.
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2025-09-29T18:33:06.669Z
Updated: 2025-09-29T19:52:42.354Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57878 |
vulnerable | 2026-06-03 15:05:00.198095 |
BUG-000174149 - The Portal for ArcGIS has an unvalidated redirect.
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2025-09-29T18:33:59.071Z
Updated: 2025-09-29T19:53:18.268Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57877 |
vulnerable | 2026-06-03 15:05:00.196759 |
Reflected XSS vulnerability in Portal for ArcGIS.
MEDIUM (4.8)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Published: 2025-09-29T18:34:59.201Z
Updated: 2025-09-29T19:53:54.356Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57876 |
vulnerable | 2026-06-03 15:05:00.195342 |
Stored XSS vulnerability in Portal for ArcGIS
MEDIUM (4.8)
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authenticated attacker to inject malicious a file with an embedded xss script which when loaded could potentially execute arbitrary JavaScript code in the victim’s browser. The privileges required to execute this attack are high. The attack could disclose a privileged token which may result in the attacker gaining full control of the Portal.
Published: 2025-09-29T18:32:20.557Z
Updated: 2025-09-29T19:52:16.857Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57875 |
vulnerable | 2026-06-03 15:05:00.191271 |
BUG-000164122 - Reflected XSS vulnerability in Portal for ArcGIS.
MEDIUM (4.8)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Published: 2025-09-29T18:35:34.753Z
Updated: 2025-09-29T20:00:18.890Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57874 |
vulnerable | 2026-06-03 15:05:00.189993 |
BUG-000161627 - Reflected XSS vulnerability in Portal for ArcGIS. (11.3, 11.1, 10.9.1)
MEDIUM (4.8)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Published: 2025-09-29T18:37:16.737Z
Updated: 2025-09-29T19:11:05.059Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57873 |
vulnerable | 2026-06-03 15:05:00.188481 |
BUG-000175222 - Reflected XSS vulnerability in Portal for ArcGIS.
MEDIUM (4.8)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Published: 2025-09-29T18:37:54.701Z
Updated: 2025-09-29T19:09:37.372Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57872 |
vulnerable | 2026-06-03 15:05:00.187542 |
BUG-000174150 - Unvalidated redirect in Portal for ArcGIS.
MEDIUM (6.1)
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
Published: 2025-09-29T18:38:34.529Z
Updated: 2025-09-29T18:54:57.118Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2025-57871 |
vulnerable | 2026-06-03 15:05:00.184822 |
BUG-000174020 - Reflected XSS vulnerability identified in Portal for ArcGIS. (11.3, 11.1, 10.9.1)
MEDIUM (4.8)
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authenticated attacker with administrative access to supply a crafted string which would execute arbitrary JavaScript code in the browser.
Published: 2025-09-29T18:39:13.631Z
Updated: 2025-09-29T18:51:37.943Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.