2 matches found
CVE-2021-29099
ArcGIS Server (versions 10.8.1 and earlier) has a SQL injection vulnerability that can expose sensitive information via specially crafted requests. Web Services using file-based data sources are unaffected. Multiple sources (NVD, CNVD, NCSC) reference ESRI advisories and fixes; remediation is to ...
CVE-2021-29099 There is a SQL injection vulnerability in ArcGIS Server
A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed not customer datasets. Web Services that use file based data sources file Geodatabase or Shape Files...