admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-08-04 08:44:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2022-12-29 20:00:43 +00:00
parent 6494fb8efa
commit 9401f113df
No known key found for this signature in database
GPG Key ID: E3252B3D49582C98
8 changed files with 48 additions and 40 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
2022/38xxx/CVE-2022-38203.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T08:00:00.000Z",
"ID": "CVE-2022-38203",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212. "
"value": "Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38204.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T17:22:00.000Z",
"ID": "CVE-2022-38204",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victims browser."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38205.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T17:26:00.000Z",
"ID": "CVE-2022-38205",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content). "
"value": "In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content)."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38206.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T18:06:00.000Z",
"ID": "CVE-2022-38206",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victims browser."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38207.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T18:10:00.000Z",
"ID": "CVE-2022-38207",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victims browser."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote remote, unauthenticated attacker to create a crafted link which when clicked which could execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38208.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T18:38:00.000Z",
"ID": "CVE-2022-38208",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks. "
"value": "There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplifying phishing attacks."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38209.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T18:41:00.000Z",
"ID": "CVE-2022-38209",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victims browser."
"value": "There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could execute arbitrary JavaScript code in the victim\u2019s browser."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}

11
2022/38xxx/CVE-2022-38212.json
View File

@ -1,6 +1,6 @@
{
"CVE_data_meta": {
"ASSIGNER": "PSIRT@esri.com",
"ASSIGNER": "psirt@esri.com",
"DATE_PUBLIC": "2022-12-05T18:55:00.000Z",
"ID": "CVE-2022-38212",
"STATE": "PUBLIC",
@ -39,7 +39,7 @@
"description_data": [
{
"lang": "eng",
"value": " Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203."
"value": "Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203."
}
]
},
@ -77,8 +77,9 @@
"references": {
"reference_data": [
{
"refsource": "CONFIRM",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
"refsource": "MISC",
"url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available",
"name": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2022-update-2-patch-is-now-available"
}
]
},
@ -88,4 +89,4 @@
],
"discovery": "EXTERNAL"
}
}
}