CVE-2022-38197 Information

Description

Esri ArcGIS Server versions 10.9.1 and below have an unvalidated redirect issue that may allow a remote unauthenticated attacker to phish a user into accessing an attacker-controlled website via a crafted query parameter.

Reference

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch
