What is CVE-2022-38194?

CVE-2022-38194 is a medium-severity vulnerability in Esri Portal For Arcgis, classified under Missing Encryption of Sensitive Data. CVSS score: 6.7/10. Published 2022-08-16.

How severe is CVE-2022-38194?

Medium severity. CVSS v3 base score is 6.7 out of 10.

Vulnerability in Esri Portal For Arcgis

CVE-2022-38194

In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a properties file.

EPSS: 0.000 (10.6th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 6.7 (Medium). Vector: CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N.

Affected products

Esri Portal For Arcgis — versions 10.8.1

Weakness classification (CWE)

CWE-311 — Missing Encryption of Sensitive Data

References

www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-a… (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2022-38194?: CVE-2022-38194 is a medium-severity vulnerability in Esri Portal For Arcgis, classified under Missing Encryption of Sensitive Data. CVSS score: 6.7/10. Published 2022-08-16.
How severe is CVE-2022-38194?: Medium severity. CVSS v3 base score is 6.7 out of 10.