CVE-2024-37694

27 Jun 2024, 20:15

Type	Values Removed	Values Added
References	{'url': 'https://github.com/NSSCYCTFER/SRC-CVE', 'source': 'psirt@esri.com'}
Summary	(es) ArcGIS Enterprise Server 10.8.0 permite a un atacante remoto obtener información confidencial porque /arcgis/rest/services no requiere autenticación.
Summary	(en) ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication. NOTE: the supplier disputes the vulnerability information, and also objects to the assignment process (unsupported when assigned from incorrect CNA).	(en) Rejected reason: This submission has been rejected by the CNA of record. Authentication is user configurable as described in our documentation.     https://enterprise.arcgis.com/en/server/latest/administer/windows/configuring-arcgis-server-security.htm

---

27 Jun 2024, 17:15

Type	Values Removed	Values Added
References	() https://github.com/NSSCYCTFER/SRC-CVE -	() https://github.com/NSSCYCTFER/SRC-CVE -

---

27 Jun 2024, 16:15

Type	Values Removed	Values Added
Summary	(en) ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication.	(en) ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require authentication. NOTE: the supplier disputes the vulnerability information, and also objects to the assignment process (unsupported when assigned from incorrect CNA).

---

24 Jun 2024, 12:57

Type	Values Removed	Values Added
Summary		(es) ArcGIS Enterprise Server 10.8.0 permite a un atacante remoto obtener información confidencial porque /arcgis/rest/services no requiere autenticación.

---

21 Jun 2024, 22:15

Type	Values Removed	Values Added
New CVE

---