Arcgis Enterprise Server
Approved changes feed: RSS · Atom
cpe:2.3:a:esri:arcgis_enterprise_server:*:*:*:*:*:*:*:*
part: a version: * update: *
| Vendor | Esri (7fc7b1c4-e95b-5bc9-bfb4-4695cd2e3e82) |
|---|---|
| Product | Arcgis Enterprise Server (e938fb50-1621-5102-8a8d-f249ff8e839a) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from gcve-enriched-dumps CVE data |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
| No PURL mappings for this CPE yet. | ||
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2023-25848 |
vulnerable | 2026-06-03 14:49:34.230952 |
BUG-000158039 - There is an information disclosure issue in ArcGIS Server.
MEDIUM (5.3)
ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.
The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.
Published: 2023-08-25T18:44:14.016Z
Updated: 2024-10-08T16:33:52.950Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25841 |
vulnerable | 2026-06-03 14:49:34.230523 |
BUG-000158075 Stored XSS issue in ArcGIS Server
MEDIUM (6.1)
There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 11.0 and below on Windows and Linux platforms that may allow a remote, unauthenticated attacker to create crafted content which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.
Mitigation: Disable anonymous access to ArcGIS Feature services with edit capabilities.
Published: 2023-07-21T18:38:24.437Z
Updated: 2025-04-10T18:43:52.035Z |
Imported from gcve-enriched-dumps CVE data |
CVE:CVE-2023-25840 |
vulnerable | 2026-06-03 14:49:34.229531 |
BUG-000154070 Stored XSS issue in the ArcGIS REST Services directory
LOW (3.4)
There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 11.1 and below that may allow a remote, authenticated attacker to create a crafted link which onmouseover wont execute but could potentially render an image in the victims browser. The privileges required to execute this attack are high.
Published: 2023-07-21T18:37:34.431Z
Updated: 2025-04-10T18:43:16.338Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.