Vigil@nce - ArcGIS Server: information disclosure via Server Side Request Forgery

March 2021 by Vigil@nce

This bulletin was written by Vigil@nce: https://vigilance.fr/?langue=2

SYNTHESIS OF THE VULNERABILITY

Impacted products: ArcGIS for Server.

Severity: 2/4.

Consequences: data reading.

Provenance: intranet client.

Confidence: confirmed by the vendor (5/5).

Creation date: 28/12/2020.

DESCRIPTION OF THE VULNERABILITY

An attacker can bypass access restrictions to data via a Server-Side Request Forgery in ArcGIS Server, in order to obtain sensitive information.

ACCESS TO THE FULL VIGIL@NCE BULLETIN

https://vigilance.fr/vulnerability/...