Esri ArcGIS Server
cpe:2.3:a:esri:arcgis_server:*:*:*:*:*:*:*
- <= 11.3
A vulnerability exists in ArcGIS Server on Windows and Linux, in versions 11.3 and prior. This issue involves improper access control, which could, under certain conditions, enable a remote, low-privileged authenticated attacker to access secure services on a standalone (unfederated) ArcGIS Server instance. Successful exploitation of this vulnerability could significantly compromise confidentiality, while having a minor impact on integrity and no effect on availability.
Exploitation of this vulnerability could lead to unauthorized access to secure services, with a significant risk to confidentiality.
Users are advised to apply the ArcGIS Server Security 2025 Update 1 Patch, available through the Esri Support website, to address this vulnerability.