CVE-2021-29099

MEDIUM Year: 2021
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-89
View all →

Vulnerability Description

A SQL injection vulnerability exists in some configurations of ArcGIS Server versions 10.8.1 and earlier. Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets). Web Services that use file based data sources (file Geodatabase or Shape Files or tile cached services) are unaffected by this issue.

Related Vulnerabilities

CVE-2017-16733

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which an attacker can leverage to disclose sensitive information f...

CWE-892017

CVE-2017-16735

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Ecava IntegraXor v 6.1.1030.1 and prior. The SQL Injection vulnerability has been identified, which generates an error in the database log.

CWE-892017

CVE-2018-17542

MEDIUM
CVSS:5.3(Medium)

SQL Injection exists in MailSherlock before 1.5.235 for OAKlouds allows an unauthenticated user to extract the subjects of the emails of other users within the enterprise via the select_mid parameter ...

CWE-892018

CVE-2018-5443

MEDIUM
CVSS:5.3(Medium)

A SQL Injection issue was discovered in Advantech WebAccess/SCADA versions prior to V8.2_20170817. WebAccess/SCADA does not properly sanitize its inputs for SQL commands.

CWE-892018

CVE-2019-14430

MEDIUM
CVSS:5.3(Medium)

plugin/Audit/Objects/AuditTable.php in YouPHPTube through 7.2 allows SQL Injection.

CWE-892019

CVE-2019-3797

MEDIUM
CVSS:5.3(Medium)

This affects Spring Data JPA in versions up to and including 2.1.5, 2.0.13 and 1.11.19. Derived queries using any of the predicates ‘startingWith’, ‘endingWith’ or ‘containing’ could return more resul...

CWE-892019