There is an improper access control vulnerability in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Portal_for_arcgis | Esri | * | 10.8.1 (including) |