GCVE - cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:x64:*

Approved changes feed: RSS · Atom

cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:x64:*

part: a version: * update: *

Vendor	Esri (`7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82`)
Product	Arcgis Server (`4b5775bf-aef2-5392-b675-fe8157ab1e90`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	x64
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-38198`	vulnerable	2026-06-03 14:47:49.442386	BUG-000146513 - Reflected XSS vulnerability in ArcGIS Server MEDIUM (6.1) There is a reflected cross site scripting issue in the Esri ArcGIS Server services directory versions 10.9.1 and below that may allow a remote, unauthenticated attacker to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim’s browser. Published: 2022-10-25T16:31:53.820Z Updated: 2025-04-10T14:56:12.281Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29113`	vulnerable	2026-06-03 14:44:19.657518	Remote file inclusion vulnerability in ArcGIS Server help documentation MEDIUM (4.7) A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page. Published: 2021-12-07T10:48:48.897Z Updated: 2025-04-10T14:59:26.919Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-2-patch-is-now-available	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29106`	vulnerable	2026-06-03 14:44:19.651733	There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. MEDIUM (4.7) A reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. Published: 2021-07-10T14:26:11.746Z Updated: 2025-04-10T15:00:45.264Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29105`	vulnerable	2026-06-03 14:44:19.651268	There is a stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below. MEDIUM (5.4) A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory. Published: 2021-07-11T01:11:36.814Z Updated: 2025-04-10T15:00:38.088Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29104`	vulnerable	2026-06-03 14:44:19.650817	There is a stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below. MEDIUM (6.1) A stored Cross Site Scripting (XXS) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote unauthenticated attacker to pass and store malicious strings in the ArcGIS Server Manager application. Published: 2021-07-11T01:39:41.853Z Updated: 2025-04-10T15:00:11.879Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29103`	vulnerable	2026-06-03 14:44:19.650343	There is a reflected Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server version 10.8.1 and below. MEDIUM (6.1) A reflected Cross Site Scripting (XXS) vulnerability in ArcGIS Server version 10.8.1 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user’s browser. Published: 2021-07-11T01:16:28.826Z Updated: 2025-04-10T15:00:29.311Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-29102`	vulnerable	2026-06-03 14:44:19.649756	There is a Server-Side Request Forgery (SSRF) vulnerability in Esri ArcGIS Server Manager version 10.8.1 and below. CRITICAL (9.1) A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enumeration or facilitating other attacks. Published: 2021-07-11T01:28:15.394Z Updated: 2025-04-10T15:00:22.287Z Open on db.gcve.eu Reference links https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-security-2021-update-1-patch/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.