BUG

Issues addressed by ArcGIS Server Security (August 2014) Patch

Last Published: April 25, 2020

Description

ArcGIS 10.1 SP1 QIP, 10.2.1, and 10.2.2 for Server Security (August 2014) Patch addresses two security vulnerabilities found in ArcGIS for Server.

Vulnerability details

NIM102197 - Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in ArcGIS for Server 10.2, 10.2.1, and 10.2.2

NIM102939 - Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS for Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2

Cause

These are known issues.

Workaround

There is no workaround.

Esri highly recommends all customers using ArcGIS 10.1 for Server and later apply the ArcGIS for Server Security Patch (January 2015).

Customers who are using 10.2 should first upgrade to 10.2.1 or 10.2.2.

Note:
If the ArcGIS for Server Security Patch (August 2014) has been previously installed, all fixes in this patch are included in the January 2015 patch.


Note:
Due to an issue with the 10.1 SP1 QIP setup for Windows in the Server Security (August 2014) Patch, users must uninstall the 10.1 SP1 QIP patch version before installing the ArcGIS for Server Security (January 2015) Patch.


Click this link to download the ArcGIS for Server Security (January 2015) Patch.

    Article ID:000011860

    Software:
    • ArcGIS Server

    Get help from ArcGIS experts

    Contact technical support

    Download the Esri Support App

    Go to download options

    Discover more on this topic

    Esri Community

    Search for related information

    Training

    Find training related to this topic

    ArcGIS Ideas

    Explore ideas and give feedback