vulnrichment / Esri / VULNRICHMENT:CVE-2023-25839
History: Jul 19, 2023 - 3:45 p.m.

CVE-2023-25839 BUG-000157278 – ArcGIS Insights has a security vulnerability - desktop

2023-07-19 15:45:47
CWE-89
Esri
github.com
arcgis insights
sql injection
vulnerability
desktop
mac
windows
version 2022.1
attacker
database
exploit

CVSS3: 7

Attack Vector: LOCAL
Attack Complexity: HIGH
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.6
Confidence: Low

SSVC

Exploitation: none
Automatable: no
Technical Impact: total

There is a SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:esri:arcgis_insights:2022.1:*:*:*:*:arcgis_enterprise:*:*"
    ],
    "vendor": "esri",
    "product": "arcgis_insights",
    "versions": [
      {
        "status": "affected",
        "version": "2022.1"
      }
    ],
    "defaultStatus": "unknown"
  }
]
