CVE-2023-25838

Severity CVSS v4.0:
Pending analysis
Type:
CWE-89 SQL Injection
Publication date:
19/07/2023
Last modified:
21/05/2024

Description

<br /> There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.<br /> <br />

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:esri:arcgis_insights:2022.1:*:*:*:*:*:*:*