cbcvebase.
CVE-2022-38202
published 2022-12-28

CVE-2022-38202: There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker…

PriorityP346high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.33%
67.6th percentile
There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets).

Affected

2 ranges
VendorProductVersion rangeFixed in
esriarcgis_server<= 10.9.1
esriarcgis_server11.0 – all
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.