VYPR
Unrated severityNVD Advisory· Published Jul 19, 2023· Updated Oct 25, 2024

BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop

CVE-2023-25839

Description

There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Affected products

2
  • Esri/ArcGIS Insightsllm-fuzzy2 versions
    =2022.1+ 1 more
    • (no CPE)range: =2022.1
    • (no CPE)range: 2022.1

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.