Analysis and contextual insights are available on OpenCVE Cloud.
No vendor fix or workaround currently provided.
Additional remediation guidance may be available on OpenCVE Cloud.
Tracking
Sign in to view the affected projects.
No advisories yet.
Tue, 07 Jul 2026 17:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared |
Esri
Esri portal For Arcgis |
|
| Vendors & Products |
Esri
Esri portal For Arcgis |
Tue, 07 Jul 2026 17:30:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Metrics |
ssvc
|
Tue, 07 Jul 2026 16:45:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | A Weak Password Recovery Mechanism for Forgotten Password exists in Esri Portal for ArcGIS versions 12.1 and earlier on Windows, Linux and Kubernetes. A remote, unauthorized attacker may assume ownership of a user’s account by manipulating this mechanism. ArcGIS Administrators should configure an email server with ArcGIS Enterprise to facilitate user self-service password recovery. The ability for an administrator to reset a user’s password remains unchanged. | |
| Title | Weak Password Recovery Mechanism in Portal for ArcGIS | |
| Weaknesses | CWE-640 | |
| References |
| |
| Metrics |
cvssV3_1
|
Status: PUBLISHED
Assigner: Esri
Published:
Updated: 2026-07-07T17:08:03.558Z
Reserved: 2026-06-23T16:51:44.189Z
Link: CVE-2026-13020
Updated: 2026-07-07T17:07:56.374Z
No data.
No data.
OpenCVE Enrichment
Updated: 2026-07-07T17:30:17Z