cvedb.io
CVE-2024-51961
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2025-03-03T20:15:42.863 · Last modified 2026-06-17T08:06:37.403

Summary

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server.  Due to the nature of the files accessible in this vulnerability the impact to confidentiality is High there is no impact to both integrity or availability.

Affected products

esri — arcgis_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when esri ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.