ArcReader General Data Frame Security Update

By RandallWilliams and Michael Young

Esri has released ArcReader 10.8.2, which resolves two low-risk and one moderate-risk vulnerability in ArcReader.

ArcReader 10.8.2 is the last release. We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.

In the coming months, the ArcReader product website will be removed along with publicly available downloads. ArcReader software will continue to be available as a download from My Esri. The ArcReader online documentation will remain in place throughout the remainder of the ArcReader Product Support Life Cycle.

Recommendation
We encourage users of ArcReader to transition to the updated alternatives for publishing and sharing map packages with ArcGIS Pro, and workflows using the ArcGIS Pro version of the ArcGIS Publisher extension in conjunction with ArcGIS Field Maps.

Vulnerability Details

We provide the temporal score in addition to the base score to allow our customers to better assess the risk of these vulnerabilities to their operations. Please see Common Vulnerability Scoring System for more information on the definition of these metrics.

  • CVE-2021-29117 – Use-After-Free – CWE-416 – CVSS 7.8

Common Vulnerability Scoring System (CVSS v3.1) Details

7.8 Base Score, 6.8 Temporal Score

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C

  • CVE-2021-29112 – Out-of-Bounds Read – CWE-125 – CVSS 3.3

Common Vulnerability Scoring System (CVSS v3.1) Details

3.3 Base Score, 2.9 Temporal Score

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

  • CVE-2021-29118 – Out-of-Bounds Read – CWE-125 – CVSS 3.3

Common Vulnerability Scoring System (CVSS v3.1) Details

3.3 Base Score, 2.9 Temporal Score

Exploit Code Maturity: Unproven
Remediation Level: Official Fix Available
Report Confidence: Confirmed by Esri

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

 

 
