Esri Portal for ArcGIS
51 CVEs affecting Esri Portal for ArcGIS. Latest disclosed: 2026-04-21. Critical: 5, High: 10.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-25693 | Critical | 9.9 | 2024-04-04 | There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated attacker to traverse the file… |
| CVE-2026-33519 | Critical | 9.8 | 2026-04-21 | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes that did not correctly check per… |
| CVE-2026-33518 | Critical | 9.8 | 2026-04-21 | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly privileged users to create develo… |
| CVE-2025-2538 | Critical | 9.8 | 2025-03-20 | A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below that may allow a remote unauthe… |
| CVE-2025-4967 | Critical | 9.1 | 2025-05-29 | Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections. |
| CVE-2023-25832 | High | 8.8 | 2023-05-09 | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker to trick an authorized user in… |
| CVE-2021-29108 | High | 8.8 | 2021-10-01 | There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authe… |
| CVE-2024-25699 | High | 8.5 | 2024-04-04 | There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2 and below on Windows and Linux… |
| CVE-2024-38040 | High | 7.5 | 2024-10-04 | There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated attacker to craft a URL that co… |
| CVE-2022-38203 | High | 7.5 | 2022-12-30 | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and… |
| CVE-2022-38184 | High | 7.5 | 2022-08-16 | There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access… |
| CVE-2022-38187 | High | 7.5 | 2022-08-15 | Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could allow an unauthenticated attac… |
| CVE-2024-25695 | High | 7.2 | 2024-04-04 | There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticated attacker to provide input… |
| CVE-2022-38188 | High | 7.1 | 2022-08-15 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convince a user to click on a crafte… |
| CVE-2022-38186 | High | 7.1 | 2022-08-15 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click o… |
| CVE-2022-38194 | Medium | 6.7 | 2022-08-16 | In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sensitive information from a prop… |
| CVE-2025-57872 | Medium | 6.1 | 2025-09-29 | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that c… |
| CVE-2025-57878 | Medium | 6.1 | 2025-09-29 | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that c… |
| CVE-2025-57879 | Medium | 6.1 | 2025-09-29 | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated attacker to craft a URL that c… |
| CVE-2024-38038 | Medium | 6.1 | 2024-10-04 | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker to create a crafted link whic… |