CVE-2013-5221

EUVD-2013-5061
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
3.5 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:S/C:N/I:P/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 40%
Affected Products (NVD)
VendorProductVersion
esriarcgis_server
10.1
esriarcgis_server
10.2
𝑥
= Vulnerable software versions
References
http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
http://support.esri.com/en/knowledgebase/techarticles/detail/41497
http://support.esri.com/en/downloads/patches-servicepacks/view/productid/66/metaid/2009
http://support.esri.com/en/knowledgebase/techarticles/detail/41497