Vulnerability Description
There is a difficult-to-exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and below on Kubernetes, which under unique circumstances could allow a remote, authenticated attacker with low-privileged access to compromise the confidentiality, integrity, and availability of the software. Successful exploitation allows the attacker to cross an authentication and authorization boundary beyond their originally assigned access, resulting in a scope change.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Esri | Portal for ArcGIS | >= 10.8.1, <= 11.2 |
| Linux | Linux kernel | - |
| Microsoft | Windows | - |
| Esri | ArcGIS Enterprise | <= 11.1 |
Related Weaknesses (CWE)
References
- https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/porta (Vendor Advisory)
FAQ
What is CVE-2024-25699?
CVE-2024-25699 is a vulnerability with a CVSS score of 8.5 (HIGH). There is a difficult-to-exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux, and ArcGIS Enterprise versions 11.1 and b...
How severe is CVE-2024-25699?
CVE-2024-25699 has been rated HIGH with a CVSS base score of 8.5/10. See the CVSS Score section above for the severity rating.
Is there a patch for CVE-2024-25699?
Check the References section above for vendor advisories and patch information. Affected products include: Esri Portal for ArcGIS, Linux kernel, Microsoft Windows, and Esri ArcGIS Enterprise.