laptop and a wrench

Bug

There are XML external entity (XXE) and Server Side Request Forgery (SSRF) vulnerabilities in Portal for ArcGIS.

Last Published: July 24, 2020 Portal for ArcGIS
Bug ID Number BUG-000132353
SubmittedJuly 18, 2020
Last ModifiedMay 31, 2023
Applies toPortal for ArcGIS
Version found10.7.1
Operating SystemWindows OS
Operating System Version2016 64 Bit
Version Fixed10.8.1
StatusFixed

Additional Information

The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to https://support.esri.com/en/download/7837.

Workaround

Refer to https://support.esri.com/en/download/7837 for the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch.

Steps to Reproduce

Bug ID: BUG-000132353

Software:

  • Portal for ArcGIS

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic