CVSS: 7.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-25839 – BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop
https://notcve.org/view.php?id=CVE-2023-25839
There is SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-25838 – BUG-000157278 – ArcGIS Insights has a security vulnerability.
https://notcve.org/view.php?id=CVE-2023-25838
There is SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise and that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected. • https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-insights-security-patches-for-arcgis-insights-2022-1-are-now-available • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •