SQL Injection Vulnerability in ArcGIS Server by Esri
CVE-2024-51962
8.7HIGH
What is CVE-2024-51962?
A SQL injection vulnerability has been identified in ArcGIS Server allowing remote authenticated users with elevated privileges to perform unauthorized database modifications through an EDIT operation. This flaw can compromise the integrity and confidentiality of data managed by the server, enabling potential manipulation of crucial database information while having no impact on the server's availability.
Affected Version(s)
ArcGIS Server Windows all <= 11.3
References
CVSS V3.1
Score:
8.7
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
High
User Interaction:
None
Scope:
Changed
Timeline
Vulnerability published
Vulnerability Reserved