cvedb.io
CVE-2022-38202
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2022-12-28T17:15:10.303 · Last modified 2026-06-17T04:56:17.057

Summary

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive site configuration information (not user datasets).

Affected products

esri — arcgis_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when esri ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.