CVE-2024-51962 | SQL injection vulnerability in ArcGIS Server
A SQL injection vulnerability in ArcGIS Server allows an EDIT operation to modify column properties in a manner that could lead to SQL injection when performed by a remote authenticated user requiring elevated, non‑administrative privileges. Exploitation is restricted to users with advanced application‑specific permissions, indicating high privileges are required. Successful exploitation would have a high impact on integrity and confidentiality, with no impact on availability.
Conclusion & alert: CVE-2024-51962 is rated Moderate Risk (48.2/100): CVSS High severity, with low exploitation likelihood (EPSS 0.47%).Mandatory action: Review affected assets and schedule remediation.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
Exploit prediction scoring system (EPSS) score for CVE-2024-51962
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).