cbcvebase.
CVE-2024-25699
published 2024-04-04

CVE-2024-25699: There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux…

PriorityP356high8.5CVSS 3.1
AVNACHPRLUINSCCHIHAH
EPSS
0.70%
48.4th percentile
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low‑privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.

Affected

3 ranges
VendorProductVersion rangeFixed in
esriarcgis_enterprise<= 11.1
esriportal_for_arcgis10.8.1 – 11.2
esriportal_for_arcgisall – <= 11.2
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.