There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Esri
Published: 2023-07-19T15:37:14.946Z
Updated: 2024-08-02T11:32:12.370Z
Reserved: 2023-02-15T17:59:31.097Z
Link: CVE-2023-25838
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-07-19T16:15:09.540
Modified: 2024-05-21T13:20:10.257
Link: CVE-2023-25838
Redhat
No data.