CVE-2021-29113

Summary

A remote file inclusion vulnerability in the ArcGIS Server help documentation may allow a remote, unauthenticated attacker to inject attacker supplied html into a page.

Affected Software

VendorProductVersion RangeStatus
EsriArcGIS Server10.9 <= 10.9.0affected

Weaknesses

  • CWE-98: CWE-98: Improper Control of Filename for Include/Require Statement

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References