Known Vulnerabilities for Portal For Arcgis by Esri
Listed below are 10 of the newest known vulnerabilities associated with "Portal For Arcgis" by "Esri".
These CVEs are retrieved based on exact matches on listed software, hardware, and vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed software information are still displayed.
Data on known vulnerable versions is also displayed based on information from known CPEs
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33519 json | An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernete... | Not Provided | 2026-04-21 | 2026-04-23 |
| CVE-2026-33518 json | An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly... | Not Provided | 2026-04-21 | 2026-04-23 |
| CVE-2026-13020 json | A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windo... | Not Provided | 2026-07-07 | 2026-07-08 |
| CVE-2026-13019 json | Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes have a missing authentication for critical ... | Not Provided | 2026-07-07 | 2026-07-08 |
| CVE-2023-25837 json | There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... | 4.8 - MEDIUM | 2023-07-21 | 2024-01-29 |
| CVE-2023-25836 json | There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... | 5.4 - MEDIUM | 2023-07-21 | 2023-08-07 |
| CVE-2023-25835 json | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 th... | 4.8 - MEDIUM | 2023-07-21 | 2024-01-29 |
| CVE-2023-25834 json | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue ... | 5.4 - MEDIUM | 2023-05-09 | 2023-05-22 |
| CVE-2023-25833 json | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authentic... | 5.4 - MEDIUM | 2023-05-10 | 2024-02-01 |
| CVE-2023-25832 json | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attac... | 8.8 - HIGH | 2023-05-09 | 2024-02-01 |