What is CVE-2021-29102?

CVE-2021-29102 is a critical-severity vulnerability in Esri Arcgis Server, classified under Server-Side Request Forgery (SSRF). CVSS score: 9.1/10. Published 2021-07-11.

How severe is CVE-2021-29102?

Critical severity. CVSS v3 base score is 9.1 out of 10.

SSRF in Esri Arcgis Server

CVE-2021-29102

A Server-Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager version 10.8.1 and below may allow a remote, unauthenticated attacker to forge GET requests to arbitrary URLs from the system, potentially leading to network enume…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.007 (71.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N.

Affected products

Esri Arcgis Server — versions All

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

References

www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-serve… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2021-29102?: CVE-2021-29102 is a critical-severity vulnerability in Esri Arcgis Server, classified under Server-Side Request Forgery (SSRF). CVSS score: 9.1/10. Published 2021-07-11.
How severe is CVE-2021-29102?: Critical severity. CVSS v3 base score is 9.1 out of 10.