CVE Vulnerability
CVE-2022-38197
Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter.
References
| Link | Resource |
|---|---|
| https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch | Vendor Advisory |
Configurations
Configuration 1
|
Information
Published : 2022-10-25 05:15
Updated : 2022-10-31 01:46
NVD link : CVE-2022-38197
Mitre link : CVE-2022-38197
Products Affected
No products.
CWE
CWE-601
URL Redirection to Untrusted Site ('Open Redirect')