CVE-2022-38194

  1. Reconshell
  2. Vulnerabilities (CVE)
  3. CVE-2022-38194
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

5.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/ Vendor Advisory
Advertisement

NeevaHost hosting service
Configurations

Configuration 1 (hide)

cpe:2.3:a:esri:portal_for_arcgis:10.8.1:*:*:*:*:*:*:*
Information

Published : 2022-08-16 10:15

Updated : 2022-08-17 09:10

NVD link : CVE-2022-38194

Mitre link : CVE-2022-38194

JSON object : View

CWE
CWE-311

Missing Encryption of Sensitive Data

Advertisement

dedicated server usa
Products Affected

esri

  • portal_for_arcgis