CVE-2022-38194 — MEDIUM (6.7)

Vulnerability Description

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

CVSS Score

6.7

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Esri	Portal For Arcgis	10.8.1

Related Weaknesses (CWE)

CWE-311

References

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portaVendor Advisory
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portaVendor Advisory

FAQ

What is CVE-2022-38194?

CVE-2022-38194 is a vulnerability with a CVSS score of 6.7 (MEDIUM). In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

How severe is CVE-2022-38194?

CVE-2022-38194 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2022-38194?

Check the references section above for vendor advisories and patch information. Affected products include: Esri Portal For Arcgis.