VYPR
Unrated severityNVD Advisory· Published Dec 7, 2021· Updated Apr 10, 2025

SQL injection vulnerability in ArcGIS Server

CVE-2021-29114

Description

A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.

Affected products

2
  • Esri/Arcgis Serverllm-fuzzy2 versions
    <=10.9+ 1 more
    • (no CPE)range: <=10.9
    • (no CPE)range: All

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.