VYPR
Unrated severityNVD Advisory· Published Jun 7, 2021· Updated Apr 10, 2025

There is a SQL injection vulnerability in ArcGIS Server

CVE-2021-29099

Description

A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.

Affected products

2
  • Esri/Arcgis Serverllm-fuzzy2 versions
    <=10.8.1+ 1 more
    • (no CPE)range: <=10.8.1
    • (no CPE)range: 10.8.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.