There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file system to access files or execute code outside of the intended directory.
The vulnerability consists of insufficient verification of file paths submitted by an authenticated user to the application. An attacker can construct a specially crafted request containing path traversal sequences (e.g., '../'), which allow them to exit the intended working directory. As a result, it is possible to access operating system files and potentially execute code outside the allowed application area.
An authenticated remote attacker can read sensitive system files and execute code outside the designated application directory, which may lead to complete takeover of the server (RCE). The vulnerability has a changed scope (Scope: Changed), which means possible impact extending beyond the application component itself.
The Portal for ArcGIS Security 2024 Update 1 patch should be applied, available from the vendor. Patch details are described in references on the Esri ArcGIS Enterprise blog. It is also recommended to restrict portal access only to trusted and authenticated users and monitor logs for suspicious requests containing path traversal sequences.
Esri Portal for ArcGIS in versions 11.2 and earlier, running on Linux and Microsoft Windows systems.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HEsri Portal For Arcgis
APPEsri≤ 11.2Linux Kernel
OSLinuxwszystkie wersjeMicrosoft Windows
OSMicrosoftwszystkie wersje
Related vulnerabilities
Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów
Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty
Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP
Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows
PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit