CVE-2022-38187 Information

Description

Prior to version 10.9.0 the sharing/rest/content/features/analyze endpoint is always accessible to anonymous users which could allow an unauthenticated attacker to induce Esri Portal for ArcGIS to read arbitrary URLs.

Reference

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/portal-for-arcgis-security-2022-update-1-patch/