esri portal for arcgis
73 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2026-33519
all versions
An incorrect authorization vulnerability exists in Esri Portal for ArcGIS 11.4, 11.5 and 12.0 on Windows, Linux and Kubernetes tha
9.8
CRITICAL
CVE-2026-33518
all versions
An incorrect privilege assignment vulnerability exists in Esri Portal for ArcGIS 11.5 in Windows and Linux that allows highly priv
9.8
CRITICAL
CVE-2025-57879
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2025-57878
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2025-57877
all versions
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authentic
4.8
MEDIUM
CVE-2025-57876
all versions
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, authentic
4.8
MEDIUM
CVE-2025-57875
all versions
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authentic
4.8
MEDIUM
CVE-2025-57874
all versions
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authentic
4.8
MEDIUM
CVE-2025-57873
all versions
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authentic
4.8
MEDIUM
CVE-2025-57872
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2025-57871
all versions
There is a reflected cross site scripting vulnerability in Esri Portal for ArcGIS 11.4 and below that may allow a remote authentic
4.8
MEDIUM
CVE-2025-55107
>= 10.9.1 and <= 11.4
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that ma
4.8
MEDIUM
CVE-2025-55106
>= 10.9.1 and <= 11.4
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may al
4.8
MEDIUM
CVE-2025-55105
>= 10.9.1 and <= 11.4
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may al
4.8
MEDIUM
CVE-2025-55104
>= 10.9.1 and <= 11.4
A stored cross-site scripting (XSS) vulnerability exists in ArcGIS HUB and ArcGIS Enterprise Sites which allows an authenticated user
4.8
MEDIUM
CVE-2025-55103
all versions
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 10.9.1 - 11.4 that may al
4.8
MEDIUM
CVE-2025-4967
<= 11.4
Esri Portal for ArcGIS 11.4 and prior allows a remote, unauthenticated attacker to bypass the Portal’s SSRF protections.
9.1
CRITICAL
CVE-2025-2538
<= 11.4
A hardcoded credential vulnerability exists in a specific deployment pattern for Esri Portal for ArcGIS versions 11.4 and below th
9.8
CRITICAL
CVE-2024-8149
all versions
There is a reflected Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.1 and 11.2 that may allow a
4.6
MEDIUM
CVE-2024-8148
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2024-38040
all versions
There is a local file inclusion vulnerability in Esri Portal for ArcGIS 11.2 and below that may allow a remote, unauthenticated at
7.5
HIGH
CVE-2024-38039
<= 11.0
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated
5.4
MEDIUM
CVE-2024-38038
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 which may allow a remote, unauthenticated attacker
6.1
MEDIUM
CVE-2024-38037
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2024-38036
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticat
5.4
MEDIUM
CVE-2024-25707
<= 11.1
There is a reflected cross site scripting in Esri Portal for ArcGIS 11.1 and below on Windows and Linux x64 allows a remote authen
4.8
MEDIUM
CVE-2024-25702
>= 10.8.1 and <= 11.1
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Sites versions 11.1 and below that may a
4.8
MEDIUM
CVE-2024-25701
>= 10.8.1 and <= 11.1
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise Experience Builder versions 11.1 and bel
4.8
MEDIUM
CVE-2024-25694
>= 10.8.1 and <= 10.9.1
There is a stored Cross-site Scripting vulnerability in Esri Portal for ArcGIS Enterprise versions 11.1 and below that may allow a
4.8
MEDIUM
CVE-2024-25691
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 11.1 and below which may allow a remote, unauthenticated
6.1
MEDIUM
CVE-2024-25709
all versions
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS versions 11.2 and below that may allow a re
6.1
MEDIUM
CVE-2024-25706
<= 11.0
There is an HTML injection vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacke
6.1
MEDIUM
CVE-2024-25705
<= 11.1
There is a cross‑site scripting (XSS) vulnerability in Esri Portal for ArcGIS Experience Builder versions 11.1 and below on Wind
5.4
MEDIUM
CVE-2024-25699
>= 10.8.1 and <= 11.2
There is a difficult‑to‑exploit improper authentication issue in the Home application for Esri Portal for ArcGIS versions 11.2
8.5
HIGH
CVE-2024-25698
<= 11.1
There is a reflected cross site scripting vulnerability in the home application in Esri Portal for ArcGIS 11.1 and below on Window
6.1
MEDIUM
CVE-2024-25697
<= 11.1
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.1 and below that may allow a remote, authentica
5.4
MEDIUM
CVE-2024-25696
<= 11.0
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.0 and below that may allow a remote, authenticat
4.8
MEDIUM
CVE-2024-25695
<= 11.2
There is a Cross-site Scripting vulnerability in Portal for ArcGIS in versions 11.2 and below that may allow a remote, authenticat
7.2
HIGH
CVE-2024-25693
<= 11.2
There is a path traversal in Esri Portal for ArcGIS versions <= 11.2. Successful exploitation may allow a remote, authenticated a
9.9
CRITICAL
CVE-2024-25692
<= 11.1
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.1 and below that may in some cases allow
5.4
MEDIUM
CVE-2024-25690
<= 11.1
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.1 and below that may allow a remote, unauthenticate
4.7
MEDIUM
CVE-2023-25837
>= 10.8.1 and <= 10.9
There is a Cross‑Site Scripting (XSS) vulnerability in Esri ArcGIS Enterprise Sites versions 10.9 and below that may allow a rem
8.4
HIGH
CVE-2023-25836
>= 10.8.1 and <= 10.9
There is a Cross-site Scripting vulnerability in Esri Portal for ArcGIS Sites in versions 10.9 and below that may allow a remote,
5.4
MEDIUM
CVE-2023-25835
>= 10.8.1 and <= 11.1
There is a stored Cross‑Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS Sites versions 11.1 and below that may allo
8.4
HIGH
CVE-2023-25833
<= 11.0
There is an HTML injection vulnerability in Esri Portal for ArcGIS versions 11.0 and below that may allow a remote, authenticated
5.4
MEDIUM
CVE-2023-25832
<= 11.0
There is a cross-site-request forgery vulnerability in Esri Portal for ArcGIS Versions 11.0 and below that may allow an attacker t
8.8
HIGH
CVE-2023-25831
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticate
6.1
MEDIUM
CVE-2023-25830
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and before which may allow a remote, unauthenticat
6.1
MEDIUM
CVE-2023-25829
all versions
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated a
6.1
MEDIUM
CVE-2023-25834
>= 10.7.1 and <= 10.9.1
Changes to user permissions in Portal for ArcGIS 10.9.1 and below are incompletely applied in specific use cases. This issue may a
5.4
MEDIUM
CVE-2022-38212
<= 10.8.1
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and bel
7.5
HIGH
CVE-2022-38211
<= 10.9.1
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.9.1 and bel
7.5
HIGH
CVE-2022-38210
<= 10.9.1
There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, una
6.1
MEDIUM
CVE-2022-38209
<= 10.9.1
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauthenticat
6.1
MEDIUM
CVE-2022-38208
<= 11.0
There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11 and below that may allow a remote, unauthenticated att
6.1
MEDIUM
CVE-2022-38207
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unaut
6.1
MEDIUM
CVE-2022-38206
<= 10.9.1
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below which may allow a remote, unauth
6.1
MEDIUM
CVE-2022-38205
<= 10.9.1
In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a rem
8.6
HIGH
CVE-2022-38204
all versions
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthentica
6.1
MEDIUM
CVE-2022-38203
<= 10.8.1
Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and bel
7.5
HIGH
CVE-2022-38189
all versions
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and
5.4
MEDIUM
CVE-2022-38184
<= 10.8.1
There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unaut
7.5
HIGH
CVE-2022-38194
all versions
In Esri Portal for ArcGIS versions 10.8.1, a system property is not properly encrypted. This may lead to a local user reading sens
6.7
MEDIUM
CVE-2022-38193
<= 10.8.1
There is a code injection vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticat
6.1
MEDIUM
CVE-2022-38192
<= 10.8.1
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS may allow a remote, authenticated attacker to pass and
6.1
MEDIUM
CVE-2022-38191
<= 10.9
There is an HTML injection issue in Esri Portal for ArcGIS versions 10.9.0 and below which may allow a remote, authenticated attac
6.1
MEDIUM
CVE-2022-38190
<= 10.8.1
A stored Cross Site Scripting (XSS) vulnerability in Esri Portal for ArcGIS configurable apps may allow a remote, unauthenticated
6.1
MEDIUM
CVE-2022-38188
<= 10.8.1
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 which may allow a remote attacker able to convinc
6.1
MEDIUM
CVE-2022-38187
< 10.9
Prior to version 10.9.0, the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users, which could a
7.5
HIGH
CVE-2022-38186
<= 10.8.1
There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able
6.1
MEDIUM
CVE-2021-29110
<= 10.9
Stored cross-site scripting (XSS) issue in Esri Portal for ArcGIS may allow a remote unauthenticated attacker to pass and store ma
5.4
MEDIUM
CVE-2021-29109
<= 10.9
A reflected XSS vulnerability in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user
6.1
MEDIUM
CVE-2021-29108
<= 10.9
There is a privilege escalation vulnerability in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below t
8.8
HIGH
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin