CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-25839

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 19.4%

CVSS Severity

CVSS v3 Score 7.0

References

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available/
https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available/

Products affected by CVE-2023-25839

Esri » Arcgis Insights » Version: 2022.1

cpe:2.3:a:esri:arcgis_insights:2022.1
Apple » Macos » Version: N/A

cpe:2.3:o:apple:macos:-
Microsoft » Windows » Version: N/A

cpe:2.3:o:microsoft:windows:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-25839

Products

Pricing

Contact Us