CASE PM-52642-19-201562:

A review is made of the vulnerability reported and that was found in the console (ASMSSpecialist); It is evident that this vulnerability is a FALSE POSITIVE, because the data marked as a Credit Card Number, corresponds to the location coordinate for a time zone. The complete data is: -140.38333333333335 and belongs to the time zone of Asia/Hebron found in an ArcGis bookstore.

This geolocation data is part of an external library of ArcGIS used in the Specialist console; The bookstore is: @esri/arcgis-html-sanitizer - v3.0.1.

To see more information about the bookstore View official documentation.