CVE-2022-38199 Information

Description

A remote file download issue can occur in some capabilities of Esri ArcGIS Server web services that may in some edge cases allow a remote unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim’s PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.

Reference

https://www.esri.com/arcgis-blog/products/administration/administration/arcgis-server-security-2022-update-1-patch