CVE-2021-29100 HIGH

CVE-2021-29100: ArcGIS Earth has a File Parsing Directory Traversal Vulnerability

Vendor Esri
Product ArcGIS Earth
Weakness CWE-23
Published May 5, 2021
Last update April 10, 2025

CVSS base score

7.8/10
Attack vector Local
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality High
Integrity High

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

What the vulnerability does

01Description

A path traversal vulnerability exists in Esri ArcGIS Earth versions 1.11.0 and below which allows arbitrary file creation on an affected system through crafted input. An attacker could exploit this vulnerability to gain arbitrary code execution under security context of the user running ArcGIS Earth by inducing the user to upload a crafted file to an affected system.

Key dates

02Disclosure timeline

May 5, 2021 CVE published
April 10, 2025 Record updated