CVE-2024-51962

High CVSS: 8.7

A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced application‑specific permissions, indicating high privileges are required. Successful exploitation would have a high impact on integrity and confidentiality, with no impact on availability.

Vendor

Esri

Product

Arcgis Server

CWE

CWE-89

Yayın Tarihi

2025-03-03 20:15:43

Güncelleme

2026-02-13 19:41:49

Source Identifier

psirt@esri.com

KEV Date Added

Kategoriler

CWE-89 Arcgis Server HIGH Esri 2025

Referanslar

https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-server-security-2025-update-1-patch/

Benzer Kayıtlar

Medium

CVE-2026-1446

There is a Cross‑Site Scripting (XSS) issue in Esri ArcGIS Pro versions 3.6.0 and earlier. ArcGIS Pro is a desktop appli…

Medium

CVE-2025-67709