Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
[#BUG-000172669 ArcGIS Monitor has a security vulnerability]
Vulnerability Description
There is a SQL injection issue in Esri ArcGIS Monitor versions 2023.0 through 2024.x on Windows and Linux that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. While it is possible to enumerate some internal database identifiers, the impact to the confidentiality vector is "LOW' because any sensitive data returned in a response is encrypted. There is no evidence of impact to the integrity or availability vectors. This issue is addressed in ArcGIS Monitor 2024.1.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
SQL命令中使用的特殊元素转义处理不恰当(SQL注入)
Vulnerability Title
Esri ArcGIS SQL注入漏洞
Vulnerability Description
Esri ArcGIS是Esri公司的一款功能强大的桌面 GIS 软件。 Esri ArcGIS Monitor 2023.0至2024.x版本存在SQL注入漏洞,该漏洞源于允许低权限用户读取有限数据库模式信息。
CVSS Information
N/A
Vulnerability Type
N/A