Computer vulnerabilities of ArcGIS Pro

Android: privilege escalation via Serialization
A local attacker, or a malicious application, can thus use the Serialization on Android OS, in order to escalate his privileges...
CVE-2015-2000, CVE-2015-2001, CVE-2015-2002, CVE-2015-2003, CVE-2015-2004, CVE-2015-2020, CVE-2015-3825-REJECT, CVE-2015-3837, VIGILANCE-VUL-17645

ArcGIS for Desktop, Server: multiple Cross Site Scripting
An attacker can trigger some Cross Site Scripting of ArcGIS for Desktop, Server, in order to execute JavaScript code in the context of the web site...
VIGILANCE-VUL-17236

OpenSSL: information disclosure via Heartbeat
An attacker can use the Heartbeat protocol on an application compiled with OpenSSL, in order to obtain sensitive information, such as keys stored in memory...
1669839, 190438, 2076225, 2962393, c04236102, c04267775, c04286049, CA20140413-01, CERTFR-2014-ALE-003, CERTFR-2014-AVI-156, CERTFR-2014-AVI-161, CERTFR-2014-AVI-162, CERTFR-2014-AVI-167, CERTFR-2014-AVI-169, CERTFR-2014-AVI-177, CERTFR-2014-AVI-178, CERTFR-2014-AVI-179, CERTFR-2014-AVI-180, CERTFR-2014-AVI-181, CERTFR-2014-AVI-198, CERTFR-2014-AVI-199, CERTFR-2014-AVI-213, cisco-sa-20140409-heartbleed, CTX140605, CVE-2014-0160, CVE-2014-0346-REJECT, DSA-2896-1, DSA-2896-2, emr_na-c04236102-7, ESA-2014-034, ESA-2014-036, ESA-2014-075, FEDORA-2014-4879, FEDORA-2014-4910, FEDORA-2014-4982, FEDORA-2014-4999, FG-IR-14-011, FreeBSD-SA-14:06.openssl, Heartbleed, HPSBMU02995, HPSBMU03025, HPSBMU03040, ICSA-14-105-03, JSA10623, MDVSA-2014:123, MDVSA-2015:062, NetBSD-SA2014-004, openSUSE-SU-2014:0492-1, openSUSE-SU-2014:0560-1, openSUSE-SU-2014:0719-1, pfSense-SA-14_04.openssl, RHSA-2014:0376-01, RHSA-2014:0377-01, RHSA-2014:0378-01, RHSA-2014:0396-01, RHSA-2014:0416-01, SA40005, SA79, SB10071, SOL15159, SPL-82696, SSA:2014-098-01, SSA-635659, SSRT101565, USN-2165-1, VIGILANCE-VUL-14534, VMSA-2014-0004, VMSA-2014-0004.1, VMSA-2014-0004.2, VMSA-2014-0004.3, VMSA-2014-0004.6, VMSA-2014-0004.7, VU#720951

ArcGIS for Server: multiple vulnerabilities
An attacker can use several vulnerabilities of ArcGIS for Server...
41468, 41497, 41498, BID-62691, BID-62889, CVE-2013-5221, CVE-2013-5222, CVE-2013-7231, CVE-2013-7232, NIM092795, NIM092820, NIM093227, NIM094447, VIGILANCE-VUL-13359

ESRI ArcGIS for Desktop: SQL injection
An attacker can use a SQL injection in ESRI ArcGIS for Desktop, in order to read or alter data...
VIGILANCE-VUL-13053

ArcGIS Server: SQL injection
An attacker can use a SQL injection in ArcGIS Server, in order to read or alter data...
NIM084249, VIGILANCE-VUL-12830

ArcGIS: information leak about database tables
An attacker who causes a server side error, can get information about the database schema...
NIM085361, VIGILANCE-VUL-12168

ArcGIS Web Server: SQL injection
An attacker can use the REST interface of the ArcGIS web server, to inject SQL commands, in order to read or alter data...
BID-56474, CVE-2012-4949, NIM084249, VIGILANCE-VUL-12128, VU#795644

ESRI ArcGIS: macro execution via MXD
An attacker can invite the victim to open a malicious MXD file with ArcGIS, in order to execute a Visual Basic macro on his computer...
40384, BID-53988, CVE-2012-1661, VIGILANCE-VUL-11708

ArcGIS: code execution via TeeChart Professional
An attacker can create a web page calling the TeeChart Professional ActiveX, which is installed by ArcGIS products, in order to execute code on computers of victims loading this page with Internet Explorer...
BID-49125, NIM074916, SS-2011-007, VIGILANCE-VUL-11517

Our database contains other pages. You can request a free trial to read them.

Display information about ArcGIS Pro:

https://www.esrifrance.fr/arcgis-pro-features.aspx