CVE-2023-25839

Name of the Vulnerable Software and Affected Versions Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1

Description The issue allows a local, authorized attacker to execute arbitrary SQL commands against the back-end database. The effort required to generate the crafted input required to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Recommendations For Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1, consider restricting access to the database to minimize the risk of exploitation until a patch is available. As a temporary workaround, avoid using user-input data in SQL queries to prevent potential SQL injection attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.