Unrated severityNVD Advisory· Published Dec 7, 2021· Updated Apr 10, 2025
SQL injection vulnerability in ArcGIS Server
CVE-2021-29114
Description
A SQL injection vulnerability in feature services provided by Esri ArcGIS Server 10.9 and below allows a remote, unauthenticated attacker to impact the confidentiality, integrity and availability of targeted services via specifically crafted queries.
Affected products
2<=10.9+ 1 more
- (no CPE)range: <=10.9
- (no CPE)range: All
Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.