CVE-2023-25838
Severity CVSS v4.0:
Pending analysis
Type:
CWE-89
SQL Injection
Publication date:
19/07/2023
Last modified:
21/05/2024
Description
<br />
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.<br />
<br />
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:esri:arcgis_insights:2022.1:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page