ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.

The information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.

Related CVEs

CVE-2023-25848

Key Information

GHSA ID

GHSA-mwg5-7ghx-pwgc

Published

August 25, 2023 9:30 PM

Last Modified

April 4, 2024 7:13 AM

CVSS Score

5.0 /10

Primary Ecosystem

Unknown

Primary Package

Unknown

GitHub Reviewed

✗ No

Dataset

Last updated: September 11, 2025 6:35 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.