admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 09:11:28 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-256xx/CVE-2024-25697.json
cad-safe-bot f521cb3d8c Auto-Update: 2025-01-08T15:00:25.572991+00:00
2025-01-08 15:03:49 +00:00

108 lines
3.4 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-25697",
"sourceIdentifier": "psirt@esri.com",
"published": "2024-04-04T18:15:11.027",
"lastModified": "2025-01-08T14:22:09.017",
"vulnStatus": "Analyzed",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "There is a Cross-site Scripting vulnerability\u00a0in Portal for ArcGIS in versions <=11.1 that may allow a remote, authenticated attacker to create a crafted link which when opening an authenticated users bio page will render an image in the victims browser. \u00a0The privileges required to execute this attack are low."
},
{
"lang": "es",
"value": "Existe una vulnerabilidad de Cross-Site Scripting en Portal for ArcGIS en versiones &lt;= 11.1 que puede permitir que un atacante remoto y autenticado cree un enlace manipulado que, al abrir la p\u00e1gina de biograf\u00eda de un usuario autenticado, mostrar\u00e1 una imagen en el navegador de la v\u00edctima. Los privilegios necesarios para ejecutar este ataque son bajos."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "psirt@esri.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
"weaknesses": [
{
"source": "psirt@esri.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-79"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"versionEndIncluding": "11.1",
"matchCriteriaId": "078945E5-0E7F-4FC3-BA84-F2D9E215AE8F"
}
]
}
]
}
],
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/",
"source": "psirt@esri.com",
"tags": [
"Vendor Advisory"
]
},
{
"url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-1/",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink