English

Bug: Issues addressed by ArcGIS Server Security (August 2014) Patch

Description

ArcGIS 10.1 SP1 QIP, 10.2.1, and 10.2.2 for Server Security (August 2014) Patch addresses two security vulnerabilities found in ArcGIS for Server.

Vulnerability details

NIM102197 - Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in ArcGIS for Server 10.2, 10.2.1, and 10.2.2

NIM102939 - Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS for Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2

Cause

These are known issues.

Workaround

There is no workaround.

Esri highly recommends all customers using ArcGIS 10.1 for Server and later apply the ArcGIS for Server Security Patch (January 2015).

Customers who are using 10.2 should first upgrade to 10.2.1 or 10.2.2.

Note:
If the ArcGIS for Server Security Patch (August 2014) has been previously installed, all fixes in this patch are included in the January 2015 patch.


Note:
Due to an issue with the 10.1 SP1 QIP setup for Windows in the Server Security (August 2014) Patch, users must uninstall the 10.1 SP1 QIP patch version before installing the ArcGIS for Server Security (January 2015) Patch.


Click this link to download the ArcGIS for Server Security (January 2015) Patch.