CVE-2023-25848
published 2023-08-25


Priority: P4, 28
Severity: medium, 5.3 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS: 0.24% (15.0th percentile)

ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue. The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.

Affected

5 ranges

Vendor | Product | Version range | Fixed in
esri | arcgis_enterprise_server | |
esri | arcgis_enterprise_server | |
esri | arcgis_enterprise_server | |
esri | arcgis_enterprise_server | |
esri | arcgis_server | 10.8.1 – 11.0 |