Unrated severityNVD Advisory· Published Jun 7, 2021· Updated Apr 10, 2025
There is a SQL injection vulnerability in ArcGIS Server
CVE-2021-29099
Description
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.
Affected products
2<=10.8.1+ 1 more
- (no CPE)range: <=10.8.1
- (no CPE)range: 10.8.1
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.