CVE-2024-8148
CVSS 3.1 Score 6.1 of 10 (medium)
Details
Published Oct 4, 2024
Updated: Jan 30, 2025
CWE ID 601
Summary
CVE-2024-8148 is a newly disclosed vulnerability in Esri Portal for ArcGIS versions 10.8.1 to 11.2. This issue involves an unvalidated redirect, enabling a remote, unauthenticated attacker to construct malicious URLs. By successfully manipulating these URLs, an attacker can redirect victims to deceitful websites, thereby facilitating phishing attacks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Affected Products
- Esri Portal for ArcGIS
- Portal for ArcGIS
Affected Vendors
- Esri