CVE-2021-29093
ArcGIS Server image service and raster analytics security update: use-after-free
In short
A memory error in ArcGIS Server allows an authenticated attacker with special permissions to run malicious code by uploading a specially crafted file. The flaw exists because the software tries to use memory that has already been freed.
Technical detail
Use-after-free vulnerability in ArcGIS Server 10.8.1 and earlier triggered during file parsing. Attack vector requires authentication and specialized permissions; successful exploitation results in arbitrary code execution with service account privileges. The vulnerability stems from improper memory management of parsed file data.
Summary generated and translated by AI from the official description.
A use-after-free vulnerability when parsing a specially crafted file in Esri ArcGIS Server 10.8.1 (and earlier) allows an authenticated attacker with specialized permissions to achieve arbitrary code execution in the context of the service account.
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
Affected products
Esri · ArcGIS Server