The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges. Rated low severity (CVSS 3.5), this vulnerability is remotely exploitable.
Information Disclosure
Arcgis Server
NVD
CVSS 2.0
3.5
EPSS
0.2%