Vulnerability-Lookup

CVE-2024-25703 (GCVE-0-2024-25703)

Vulnerability from cvelistv5 – Published: 2024-04-04 17:55 – Updated: 2024-04-25 18:20

This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "cna": {
      "providerMetadata": {
        "dateUpdated": "2024-04-25T18:20:28.471Z",
        "orgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
        "shortName": "Esri"
      },
      "rejectedReasons": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\n\nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
            }
          ],
          "value": "\nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
        }
      ],
      "x_generator": {
        "engine": "Vulnogram 0.1.0-dev"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "cedc17bb-4939-4f40-a1f4-30ae8af1094e",
    "assignerShortName": "Esri",
    "cveId": "CVE-2024-25703",
    "datePublished": "2024-04-04T17:55:42.538Z",
    "dateRejected": "2024-04-25T18:20:06.814Z",
    "dateReserved": "2024-02-09T19:08:35.888Z",
    "dateUpdated": "2024-04-25T18:20:28.471Z",
    "state": "REJECTED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.0",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-25703\",\"sourceIdentifier\":\"psirt@esri.com\",\"published\":\"2024-04-04T18:15:12.090\",\"lastModified\":\"2024-04-25T19:15:49.520\",\"vulnStatus\":\"Rejected\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Rejected reason: \\nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\\n\\n\"}],\"metrics\":{},\"references\":[]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"providerMetadata\": {\"orgId\": \"cedc17bb-4939-4f40-a1f4-30ae8af1094e\", \"shortName\": \"Esri\", \"dateUpdated\": \"2024-04-25T18:20:28.471Z\"}, \"rejectedReasons\": [{\"lang\": \"en\", \"supportingMedia\": [{\"base64\": false, \"type\": \"text/html\", \"value\": \"\\n\\nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\\n\\n\"}], \"value\": \"\\nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\\n\\n\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-25703\", \"assignerOrgId\": \"cedc17bb-4939-4f40-a1f4-30ae8af1094e\", \"state\": \"REJECTED\", \"assignerShortName\": \"Esri\", \"dateReserved\": \"2024-02-09T19:08:35.888Z\", \"datePublished\": \"2024-04-04T17:55:42.538Z\", \"dateUpdated\": \"2024-04-25T18:20:28.471Z\", \"dateRejected\": \"2024-04-25T18:20:06.814Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.0"
    }
  }
}

FKIE_CVE-2024-25703

Vulnerability from fkie_nvd - Published: 2024-04-04 18:15 - Updated: 2024-04-25 19:15

Severity

Summary

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.

References

	URL	Tags

Impacted products

	Vendor	Product	Version

JSON

To clipboard

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Rejected reason: \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
    }
  ],
  "id": "CVE-2024-25703",
  "lastModified": "2024-04-25T19:15:49.520",
  "metrics": {},
  "published": "2024-04-04T18:15:12.090",
  "references": [],
  "sourceIdentifier": "psirt@esri.com",
  "vulnStatus": "Rejected"
}

GHSA-55VP-7JR8-5MM9

Vulnerability from github – Published: 2024-04-04 18:30 – Updated: 2024-04-25 21:30

Details

There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim’s browser.

Severity

6.1 (Medium)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2024-25703"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2024-04-04T18:15:12Z",
    "severity": "MODERATE"
  },
  "details": "There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.",
  "id": "GHSA-55vp-7jr8-5mm9",
  "modified": "2024-04-25T21:30:30Z",
  "published": "2024-04-04T18:30:33Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-25703"
    },
    {
      "type": "WEB",
      "url": "https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2024-update-2"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
      "type": "CVSS_V3"
    }
  ]
}

GSD-2024-25703

Vulnerability from gsd - Updated: 2024-02-10 06:02

Details

Aliases

CVE-2024-25703

JSON

To clipboard

{
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2024-25703"
      ],
      "details": "There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Windows and Linux that allows a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.",
      "id": "GSD-2024-25703",
      "modified": "2024-02-10T06:02:58.201943Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "psirt@esri.com",
        "ID": "CVE-2024-25703",
        "STATE": "REJECT"
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "** REJECT ** \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "cve": {
        "descriptions": [
          {
            "lang": "en",
            "value": "Rejected reason: \nThis CVE ID has been rejected or withdrawn by its CVE Numbering Authority because this item is scheduled to be patched at a future time.\n\n"
          }
        ],
        "id": "CVE-2024-25703",
        "lastModified": "2024-04-25T19:15:49.520",
        "metrics": {},
        "published": "2024-04-04T18:15:12.090",
        "references": [],
        "sourceIdentifier": "psirt@esri.com",
        "vulnStatus": "Rejected"
      }
    }
  }
}

WID-SEC-W-2024-0800

Vulnerability from csaf_certbund - Published: 2024-04-04 22:00 - Updated: 2024-11-27 23:00

Summary

ESRI Portal for ArcGIS: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: ArcGIS ist ein Geoinformationssystem.

Angriff: Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in ESRI ArcGIS ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.

Betroffene Betriebssysteme: - Linux - Windows

CVE-2024-25690

Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgemäße Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuführen, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuführen.

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25692

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25693

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25695

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25696

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25697

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25698

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25699

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25700

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25703

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25704

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25705

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25706

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25708

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

CVE-2024-25709

Affected products

Last affected 3 products

Product	Identifier	Version	Remediation
ESRI ArcGIS portal <=10.8.1 ESRI / ArcGIS		portal <=10.8.1
ESRI ArcGIS portal <=11.0 ESRI / ArcGIS		portal <=11.0
ESRI ArcGIS portal <=10.9.1 ESRI / ArcGIS		portal <=10.9.1

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://www.esri.com/arcgis-blog/products/trust-a…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "ArcGIS ist ein Geoinformationssystem.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter authentifizierter Angreifer kann mehrere Schwachstellen in ESRI ArcGIS ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0800 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0800.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0800 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0800"
      },
      {
        "category": "external",
        "summary": "Esri Portal for ArcGIS Security 2024 Update 1 vom 2024-04-04",
        "url": "https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/portal-for-arcgis-security-2024-update-2/"
      }
    ],
    "source_lang": "en-US",
    "title": "ESRI Portal for ArcGIS: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-11-27T23:00:00.000+00:00",
      "generator": {
        "date": "2024-11-28T12:09:10.450+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.8"
        }
      },
      "id": "WID-SEC-W-2024-0800",
      "initial_release_date": "2024-04-04T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-04-04T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-11-27T23:00:00.000+00:00",
          "number": "2",
          "summary": "Produktzuordnung \u00fcberpr\u00fcft"
        }
      ],
      "status": "final",
      "version": "2"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "portal \u003c=11.0",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=11.0",
                  "product_id": "T033932"
                }
              },
              {
                "category": "product_version_range",
                "name": "portal \u003c=11.0",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=11.0",
                  "product_id": "T033932-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "portal \u003c=10.9.1",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=10.9.1",
                  "product_id": "T033933"
                }
              },
              {
                "category": "product_version_range",
                "name": "portal \u003c=10.9.1",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=10.9.1",
                  "product_id": "T033933-fixed"
                }
              },
              {
                "category": "product_version_range",
                "name": "portal \u003c=10.8.1",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=10.8.1",
                  "product_id": "T033934"
                }
              },
              {
                "category": "product_version_range",
                "name": "portal \u003c=10.8.1",
                "product": {
                  "name": "ESRI ArcGIS portal \u003c=10.8.1",
                  "product_id": "T033934-fixed"
                }
              }
            ],
            "category": "product_name",
            "name": "ArcGIS"
          }
        ],
        "category": "vendor",
        "name": "ESRI"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-25690",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25690"
    },
    {
      "cve": "CVE-2024-25692",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25692"
    },
    {
      "cve": "CVE-2024-25693",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25693"
    },
    {
      "cve": "CVE-2024-25695",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25695"
    },
    {
      "cve": "CVE-2024-25696",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25696"
    },
    {
      "cve": "CVE-2024-25697",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25697"
    },
    {
      "cve": "CVE-2024-25698",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25698"
    },
    {
      "cve": "CVE-2024-25699",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25699"
    },
    {
      "cve": "CVE-2024-25700",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25700"
    },
    {
      "cve": "CVE-2024-25703",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25703"
    },
    {
      "cve": "CVE-2024-25704",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25704"
    },
    {
      "cve": "CVE-2024-25705",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25705"
    },
    {
      "cve": "CVE-2024-25706",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25706"
    },
    {
      "cve": "CVE-2024-25708",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25708"
    },
    {
      "cve": "CVE-2024-25709",
      "notes": [
        {
          "category": "description",
          "text": "Es gibt mehrere Schwachstellen in Esri Portal for ArcGIS. Die Ursachen sind z.B. eine unsachgem\u00e4\u00dfe Authentifizierung oder ein Path Traversal Problem. Ein entfernter, authentifizierter Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Code auszuf\u00fchren, vertrauliche Informationen offenzulegen oder Cross-Site Scripting (XSS)-Angriffe durchzuf\u00fchren."
        }
      ],
      "product_status": {
        "last_affected": [
          "T033934",
          "T033932",
          "T033933"
        ]
      },
      "release_date": "2024-04-04T22:00:00.000+00:00",
      "title": "CVE-2024-25709"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-25703 (GCVE-0-2024-25703)

FKIE_CVE-2024-25703

GHSA-55VP-7JR8-5MM9

GSD-2024-25703

WID-SEC-W-2024-0800

Tags

Sightings

Nomenclature