Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-4949

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2012-4949
Last Modified 01 Mar 2013 11:46:26
Published 14 Nov 2012 07:30:59
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2012-4949

Summary

SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.

Vulnerable Systems

Application

  • Esri Arcgis 10.1


References

CERT-VN - VU#795644

XF - esriarcgis-where-sql-injection(79977)


Last Updated: 27 May 2016 10:47:22