A stored Cross Site Scripting (XSS) vulnerability has been identified in Esri ArcGIS Server version 10.8.1 and below, allowing a remote authenticated attacker to store malicious strings in the ArcGIS Services Directory.
Understanding CVE-2021-29105
This CVE refers to a stored XSS vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and earlier.
What is CVE-2021-29105?
A stored Cross Site Scripting (XSS) vulnerability in Esri ArcGIS Server Services Directory version 10.8.1 and below may allow a remote authenticated attacker to pass and store malicious strings in the ArcGIS Services Directory.
The Impact of CVE-2021-29105
The vulnerability can result in unauthorized access and potential data manipulation in the ArcGIS Services Directory, impacting the confidentiality and integrity of data.
Technical Details of CVE-2021-29105
This section provides technical details on the vulnerability.
Vulnerability Description
The vulnerability allows remote authenticated attackers to store malicious scripts in the ArcGIS Services Directory.
Affected Systems and Versions
Esri ArcGIS Server versions 10.8.1 and below are affected by this vulnerability.
Exploitation Mechanism
Attackers with remote authenticated access can exploit this vulnerability by passing and storing malicious strings in the ArcGIS Services Directory.
Mitigation and Prevention
Protecting your systems from CVE-2021-29105 is crucial following the discovery of this vulnerability.
Immediate Steps to Take
Update to version 10.9.0 or later to mitigate the risk of this vulnerability.
Long-Term Security Practices
Regularly monitor and update your ArcGIS Server to the latest version to prevent security vulnerabilities.
Patching and Updates
Esri has released a patch to address this vulnerability. Ensure you apply the patch promptly to secure your systems.