Overview
- Description
- Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may allow users to access content that they are no longer privileged to access.
- Source
- psirt@esri.com
- NVD status
- Modified
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.4
- Impact score
- 2.5
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- psirt@esri.com
- CWE-269
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:esri:portal_for_arcgis:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "92E7BFF6-A949-45B0-BC21-4D219732F6FE",
"versionEndIncluding": "10.9.1",
"versionStartIncluding": "10.7.1"
}
],
"operator": "OR"
}
]
}
]