admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2022/CVE-2022-382xx/CVE-2022-38200.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

122 lines
3.6 KiB
JSON
Raw Blame History

{
"id": "CVE-2022-38200",
"sourceIdentifier": "psirt@esri.com",
"published": "2022-10-25T17:15:55.527",
"lastModified": "2024-11-21T07:16:02.850",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross site scripting vulnerability exists in some map service configurations of ArcGIS Server versions 10.8.1 and 10.7.1. Specifically crafted web requests can execute arbitrary JavaScript in the context of the victim's browser."
},
{
"lang": "es",
"value": "Se presenta una vulnerabilidad de tipo cross site scripting en algunas configuraciones de servicios de mapas de ArcGIS Server versiones 10.8.1 y 10.7.1. Las peticiones web espec\u00edficamente dise\u00f1adas pueden ejecutar JavaScript arbitrario en el contexto del navegador de la v\u00edctima"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@esri.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_server:10.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "3ACE85AE-02C4-407F-A215-8A5FA0C42E08"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:arcgis_server:10.8.1:*:*:*:*:*:*:*",
"matchCriteriaId": "B7C6EF29-8C8D-45F4-9ECD-F40797F011C7"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available",
"source": "psirt@esri.com",
"tags": [
"Broken Link"
]
},
{
"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-server-map-service-security-2022-update-1-is-now-available",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Broken Link"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink