Known Vulnerabilities for products from Esri
Listed below are 20 of the newest known vulnerabilities associated with the vendor "Esri".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-33519 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2026-33518 json | Not Provided | 2026-04-21 | 2026-04-22 | |
| CVE-2023-25848 json | ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthoriz... | 5.3 - MEDIUM | 2023-08-25 | 2023-08-31 |
| CVE-2023-25841 json | There is a stored Cross-site Scripting vulnerability in Esri ArcGIS Server versions 10.8.1 – 11.0 on Windows and Linux pla... | 6.1 - MEDIUM | 2023-07-21 | 2023-08-02 |
| CVE-2023-25840 json | There is a Cross-site Scripting vulnerability in ArcGIS Server in versions 10.8.1 – 11.1 that may allow a remote, authent... | 3.4 - LOW | 2023-07-21 | 2023-08-01 |
| CVE-2023-25839 json | There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a lo... | 7 - HIGH | 2023-07-19 | 2023-07-27 |
| CVE-2023-25838 json | There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, auth... | 7.5 - HIGH | 2023-07-19 | 2023-07-27 |
| CVE-2023-25837 json | There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... | 4.8 - MEDIUM | 2023-07-21 | 2024-01-29 |
| CVE-2023-25836 json | There is a Cross-site Scripting vulnerability in Esri Portal Sites in versions 10.8.1 – 10.9 that may allow a remote, aut... | 5.4 - MEDIUM | 2023-07-21 | 2023-08-07 |
| CVE-2023-25835 json | There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.8.1 – 11.1 th... | 4.8 - MEDIUM | 2023-07-21 | 2024-01-29 |
| CVE-2023-25834 json | Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue ... | 5.4 - MEDIUM | 2023-05-09 | 2023-05-22 |
| CVE-2023-25833 json | There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authentic... | 5.4 - MEDIUM | 2023-05-10 | 2024-02-01 |
| CVE-2023-25832 json | There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attac... | 8.8 - HIGH | 2023-05-09 | 2024-02-01 |
| CVE-2023-25831 json | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote,... | 6.1 - MEDIUM | 2023-05-09 | 2023-05-16 |
| CVE-2023-25830 json | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1, 10.8.1 and 10.7.1 which may allow a remote,... | 6.1 - MEDIUM | 2023-05-09 | 2023-05-15 |
| CVE-2023-25829 json | There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and 10.9.1 that may allow a remote, unauthentic... | 6.1 - MEDIUM | 2023-05-09 | 2023-05-15 |
| CVE-2022-38212 json | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 an... | 7.5 - HIGH | 2022-12-29 | 2023-01-09 |
| CVE-2022-38211 json | Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 an... | 7.5 - HIGH | 2022-12-29 | 2023-01-09 |
| CVE-2022-38210 json | There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote... | 6.1 - MEDIUM | 2022-12-29 | 2023-09-15 |
| CVE-2022-38209 json | There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthen... | 6.1 - MEDIUM | 2022-12-29 | 2023-01-05 |
Known software with vulnerabilities from Esri
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Esri | Arcgis | - |
| Application | Esri | Arcgis 3d Analyst | - |
| Application | Esri | Arcgis Arcsde | - |
| Application | Esri | Arcgis Enterprise | 10.6.1 |
| Application | Esri | Arcgis For Server | 10.1.1 |
| Application | Esri | Arcgis Runtime Toolkit | 10.2.0 |
| Application | Esri | Arcgis Server | 10.2.2 |
| Application | Esri | Arcgis Spatial Analyst | - |
| Application | Esri | Arcinfo Workstation | - |
| Application | Esri | Arcmap | 9.0 |
| Application | Esri | Arcpad | - |
| Application | Esri | Arcsde | - |
| Application | Esri | Arcview | - |