ArcGIS Insights Security Patches for ArcGIS Insights 2022.1 are now available

By Randall Williams and Mark Bierman

Esri has released ArcGIS Insights Security Patches for ArcGIS Insights 2022.1. These patches resolve high-severity security vulnerabilities in ArcGIS Insights Desktop (Windows and Mac), ArcGIS Enterprise on Windows, and ArcGIS Server and Portal for ArcGIS on Linux, either as the base deployment or the primary ArcGIS connection.

These patches were released on June 23, 2023, and are available here.

We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations. Both base and modified temporal scores are provided to reflect the availability of an official patch.

Vulnerabilities fixed by this patch:

There is a SQL injection vulnerability in Esri ArcGIS Insights 2022.1 for ArcGIS Enterprise that may allow a remote, authorized attacker to execute arbitrary SQL commands against the back-end database. Generating the crafted input needed to exploit this issue is complex and requires significant effort before a successful attack can be expected.

There is a SQL injection vulnerability in Esri ArcGIS Insights Desktop for Mac and Windows version 2022.1 that may allow a local, authorized attacker to execute arbitrary SQL commands against the back-end database. Generating the crafted input needed to exploit this issue is complex and requires significant effort before a successful attack can be expected.

Install the provided patches to remediate these issues.

 
