CVE-2023-25838

Name of the Vulnerable Software and Affected Versions Esri ArcGIS Insights version 2022.1 for ArcGIS Enterprise

Description The issue allows a remote, authorized attacker to execute arbitrary SQL commands against the back-end database due to a SQL injection vulnerability. The effort required to generate the crafted input to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Recommendations For Esri ArcGIS Insights version 2022.1 for ArcGIS Enterprise, consider restricting access to the database to minimize the risk of exploitation until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.