cbcvebase.
CVE-2024-51958
published 2025-03-03

CVE-2024-51958: There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with…

PriorityP428medium4.9CVSS 3.1
AVNACLPRHUINSUCHINAN
EPSS
0.56%
42.5th percentile
There is a path traversal vulnerability in ESRI ArcGIS Server versions 11.3 and below. Successful exploitation may allow a remote authenticated attacker with admin privileges to traverse the file system to access files outside of the intended directory. There is no impact to integrity or availability due to the nature of the files that can be accessed, but there is a potential high impact to confidentiality.

Affected

2 ranges
VendorProductVersion rangeFixed in
esriarcgis_server10.9.1 – 11.3
esriarcgis_serverall – 11.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.