ArcGIS Blog

Portal for ArcGIS Quick Capture Security Patch is now available

By RandallWilliams

Esri has released the Portal for ArcGIS Quick Capture Security Patch, an update for Portal for ArcGIS that resolves the moderate-risk vulnerability described below.

This patch resolves one moderate-priority security vulnerability across versions 10.9.1, 10.8.1, and 10.7.1.

Vulnerabilities fixed by this patch

CVE-2022-38201, CWE-601

An unvalidated redirect vulnerability exists in Esri ArcGIS Quick Capture Web Designer versions 10.8.1 to 10.9.1. A remote, unauthenticated attacker can potentially induce an unsuspecting authenticated user to access an attacker-controlled domain.

Common Vulnerability Scoring System (CVSS v3.1) Details 

6.1 Base Score, 5.5 Temporal Score 

  • Exploit Code Maturity: Proof-of-Concept
  • Remediation Level: Official Fix Available 
  • Report Confidence: Confirmed by Esri 

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:P/RL:O/RC:C : 5.5

Mitigations:

  • Do not open emails or click links from unknown persons

We provide the temporal score in addition to the base score to allow our customers to better assess the risk of this vulnerability to their operations. Please see Common Vulnerability Scoring System for more information on the definition of these metrics.

Esri Bug ID: BUG-000145824

 
