CVE-2023-25848

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published: Aug 25, 2023
Updated: Aug 31, 2023
CWE ID: 319

Summary

CVE-2023-25848 is a newly discovered information disclosure vulnerability affecting ArcGIS Enterprise Server versions 11.0 and below. An unauthorized attacker can submit a crafted query, leading to the disclosure of a single attribute in a database connection string. Despite the low severity, this vulnerability poses a risk because it could reveal sensitive information related to the server configuration. No business data is disclosed through this vulnerability. Organizations using the affected versions are advised to update their servers as soon as possible to mitigate this risk.
