BUG-000157278 – ArcGIS Insights has a security vulnerability.
CVE-2023-25838
7.5 HIGH
What is CVE-2023-25838?
A SQL injection vulnerability has been identified in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise. This vulnerability could allow an authorized remote attacker to execute arbitrary SQL commands on the backend database. Exploiting it requires substantial effort: the attacker needs complex, crafted input to successfully manipulate the database. Organizations using affected versions are urged to apply security patches promptly to mitigate potential risks.
Affected Version(s)
ArcGIS Insights x64 2022.1