Exposure of Resource to Wrong Sphere

CVE-2021-29115

Medium

5.3/10

Summary

An information disclosure vulnerability in the ArcGIS Service Directory in Esri ArcGIS Enterprise versions 10.9.0 and below may allows a remote attacker to view hidden field names in feature layers. This issue may reveal field names, but not not disclose features.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-668 - Exposure of Resource to Wrong Sphere

The product exposes a resource to the wrong control sphere, providing unintended actors with inappropriate access to the resource.

References

Advisory Timeline

Published Dec 07, 2021

Exposure of Resource to Wrong Sphere

CVE-2021-29115

Summary

CWE-668 - Exposure of Resource to Wrong Sphere

References

Advisory Timeline

ChainAlert

CuteBoi

Wireshark