Name of the Vulnerable Software and Affected Versions:

Esri ArcGIS Monitor versions 2023.0 through 2024.x

Description:

The issue is a SQL injection problem that allows a remote, authenticated attacker with low privileges to improperly read limited database schema information by passing crafted queries. Although it is possible to enumerate some internal database identifiers, the impact to confidentiality is considered low because any sensitive data returned in a response is encrypted. There is no evidence of impact to integrity or availability.

Recommendations:

For Esri ArcGIS Monitor versions 2023.0 through 2024.x, update to version 2024.1 to address the issue.