CVE-2022-38208
MEDIUM WAF: Medium
CVSS 6.1
Published: 2022-12-29
CWE-601
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks.
WAF Coverage Analysis
Open Redirect
Medium WAF Coverage
OWASP: A01:2021 Broken Access Control
941xxx - XSS / XXE
Affected Software
| Vendor | Product | Version |
|---|---|---|
| esri | portal_for_arcgis | up to 11.0 |
References
- www.esri.com (Vendor Advisory)