CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-25838

There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 69.4%

CVSS Severity

CVSS v3 Score 7.5

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available/
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available/

Products affected by CVE-2023-25838

Esri » Arcgis Insights » Version: 2022.1

cpe:2.3:a:esri:arcgis_insights:2022.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25838

Products

Pricing

Contact Us