A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.
References
Link | Resource |
---|---|
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/security-advisory-e21-03-server-sql/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: Esri
Published: 2021-06-04T00:00:00
Updated: 2021-06-07T11:47:19
Reserved: 2021-03-23T00:00:00
Link: CVE-2021-29099
JSON object: View
NVD Information
Status : Modified
Published: 2021-06-07T12:15:08.467
Modified: 2023-11-07T03:32:28.393
Link: CVE-2021-29099
JSON object: View
Redhat Information
No data.
CWE