CVE-2023-25848
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2023-25848 is a newly discovered information disclosure vulnerability affecting ArcGIS Enterprise Server versions 11.0 and below. An unauthorized attacker can submit a crafted query, leading to the disclosure of a single attribute in a database connection string. Despite the low severity, this vulnerability poses a risk, as it could potentially reveal sensitive information related to the server configuration. No business data is disclosed in this vulnerability. Organizations using the affected versions are advised to update their servers as soon as possible to mitigate this risk.
Affected Vendors
- Esri