CVE-2021-29101

High

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an…

Esri·CWE-23·Published 2021-05-05

CVSS

7.5

EPSS

0.02

KEV

Exploits

cve.orgen

235 chars

ArcGIS GeoEvent Server versions 10.8.1 and below has a read-only directory path traversal vulnerability that could allow an unauthenticated, remote attacker to perform directory traversal attacks and read arbitrary files on the system.

NVDen

235 chars

NVDes

271 chars

ArcGIS GeoEvent Server versiones 10.8.1 y anteriores, presenta una vulnerabilidad de salto de ruta de directorio de solo lectura que podría permitir a un atacante remoto no autenticado llevar a cabo ataques de salto de directorio y leer archivos arbitrarios en el sistema

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	5.0	10.0	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
3.0	Primary	cve.org	8.6	—	—	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N