A security vulnerability, CVE-2024-25693, has been identified in Esri Portal for ArcGIS versions <= 11.2. This vulnerability, classified as path traversal, could allow a remote, authenticated attacker to traverse the file system and access files or execute code outside of the intended directory.
The severity of this vulnerability is underscored by its potential for exploitation by malicious actors to compromise sensitive data and gain unauthorized access to critical systems. Esri has responded promptly to this threat by releasing the Portal for ArcGIS Security 2024 Update 1 Patch, which addresses multiple high and medium severity vulnerabilities across affected versions, including 11.2, 11.1, 10.9.1, and 10.8.1.
This patch, released on April 4th, 2024, provides essential security enhancements to mitigate the risk posed by CVE-2024-25693 and other identified vulnerabilities. It is imperative for users and system administrators of Esri Portal for ArcGIS to take immediate action by installing the Security 2024 Update 1 Patch on each affected machine.
Failure to apply these patches promptly could leave systems vulnerable to exploitation, potentially resulting in unauthorized access, data breaches, and other adverse consequences. The advisory also provides mitigations for these vulnerabilities, emphasizing the importance of proactive security measures in safeguarding critical infrastructure and sensitive data.