CVE-2023-25848

Name of the Vulnerable Software and Affected Versions ArcGIS Enterprise Server versions 11.0 and below

Description The issue allows a remote, unauthorized attacker to submit a crafted query, potentially resulting in a low severity information disclosure. The disclosed information is limited to a single attribute in a database connection string, with no business data being disclosed.

Recommendations For ArcGIS Enterprise Server versions 11.0 and below, update to a version above 11.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.