CVE-2022-38184 HIGH

CVE-2022-38184: There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1

Vendor: Esri
Product: Portal for ArcGIS
Weakness: CWE-284
Published: August 16, 2022
Last update: April 10, 2025

CVSS base score

7.5/10
Attack vector: Network
Attack complexity: Low
Privileges required: None
User interaction: None
Confidentiality: High
Integrity: None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

What the vulnerability does

01 Description

There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.

Key dates

02 Disclosure timeline

August 16, 2022: CVE published
April 10, 2025: Record updated
