Esri Arcgis_server
10 CVEs affecting Esri Arcgis_server. Latest disclosed: 2026-05-20. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-2812 | Medium | 5.3 | 2026-05-20 | ArcGIS Server contains an improper authentication vulnerability in an undocumented administrative endpoint. An unauthenticated attacker could exploit this issu… |
| CVE-2026-2813 | Medium | 4.7 | 2026-05-20 | ArcGIS Server contains an input validation weakness in the login redirection workflow. An authenticated attacker could exploit this issue by sending a speciall… |
| CVE-2014-9741 | | | 2015-07-08 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Desktop, ArcGIS for Engine, and ArcGIS for Server 10.2.2 and earlier allow remote attack… |
| CVE-2014-5122 | | | 2014-08-22 | Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via… |
| CVE-2014-5121 | | | 2014-08-22 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecif… |
| CVE-2013-7232 | | | 2013-12-30 | SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map o… |
| CVE-2013-7231 | | | 2013-12-30 | Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbit… |
| CVE-2013-5222 | | | 2013-12-30 | Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via… |
| CVE-2013-5221 | | | 2013-09-24 | The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2)… |
| CVE-2012-4949 | | | 2012-11-14 | SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for… |