Search criteria
2 vulnerabilities found for arcgis_quickcapture by esri
CVE-2022-38201 (GCVE-0-2022-38201)
Vulnerability from nvd – Published: 2022-11-15 00:00 – Updated: 2025-04-10 14:55
VLAI
Title
An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.
Summary
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain.
Severity
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Esri | ArcGIS Quickcapture |
Affected:
10.8.1 , ≤ 10.9.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.esri.com/arcgis-blog/products/product/uncategorized/portal-for-arcgis-quick-capture-security-patch-is-now-available"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T14:49:38.659723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:55:25.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64"
],
"product": "ArcGIS Quickcapture",
"vendor": "Esri",
"versions": [
{
"lessThanOrEqual": "10.9.1",
"status": "affected",
"version": "10.8.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hussein Bahmad"
}
],
"descriptions": [
{
"lang": "en",
"value": "An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00.000Z",
"orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"shortName": "Esri"
},
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/product/uncategorized/portal-for-arcgis-quick-capture-security-patch-is-now-available"
}
],
"source": {
"defect": [
"BUG-000145824"
],
"discovery": "EXTERNAL"
},
"title": "An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"assignerShortName": "Esri",
"cveId": "CVE-2022-38201",
"datePublished": "2022-11-15T00:00:00.000Z",
"dateReserved": "2022-08-12T00:00:00.000Z",
"dateUpdated": "2025-04-10T14:55:25.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-38201 (GCVE-0-2022-38201)
Vulnerability from cvelistv5 – Published: 2022-11-15 00:00 – Updated: 2025-04-10 14:55
VLAI
Title
An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.
Summary
An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain.
Severity
6.1 (Medium)
CWE
- CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')
Assigner
References
1 reference
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| Esri | ArcGIS Quickcapture |
Affected:
10.8.1 , ≤ 10.9.1
(custom)
|
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:45:52.960Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.esri.com/arcgis-blog/products/product/uncategorized/portal-for-arcgis-quick-capture-security-patch-is-now-available"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-38201",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-10T14:49:38.659723Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-10T14:55:25.138Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"platforms": [
"x64"
],
"product": "ArcGIS Quickcapture",
"vendor": "Esri",
"versions": [
{
"lessThanOrEqual": "10.9.1",
"status": "affected",
"version": "10.8.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "Hussein Bahmad"
}
],
"descriptions": [
{
"lang": "en",
"value": "An unvalidated redirect vulnerability exists in Esri Portal for ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an an attacker controlled domain."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-601",
"description": "CWE-601 URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-15T00:00:00.000Z",
"orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"shortName": "Esri"
},
"references": [
{
"url": "https://www.esri.com/arcgis-blog/products/product/uncategorized/portal-for-arcgis-quick-capture-security-patch-is-now-available"
}
],
"source": {
"defect": [
"BUG-000145824"
],
"discovery": "EXTERNAL"
},
"title": "An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1.",
"x_generator": {
"engine": "vulnogram 0.1.0-rc1"
}
}
},
"cveMetadata": {
"assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
"assignerShortName": "Esri",
"cveId": "CVE-2022-38201",
"datePublished": "2022-11-15T00:00:00.000Z",
"dateReserved": "2022-08-12T00:00:00.000Z",
"dateUpdated": "2025-04-10T14:55:25.138Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}