laptop and a wrench

Bug

There is a Server Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager. Note This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.8.1, 10.7.1, and 10.6.1 apply this patch.

Last Published: March 2, 2021 ArcGIS GIS Server
Bug ID Number BUG-000137658
SubmittedFebruary 23, 2021
Last ModifiedMay 31, 2023
Applies toArcGIS GIS Server
Version found10.8.1
Operating SystemWindows OS
Operating System VersionN/A
Version Fixed10.9
StatusFixed

Workaround

The ArcGIS Server Security 2021 Update 1 Patch is now live on the support site. The URL is:

https://support.esri.com/en/download/7879

Steps to Reproduce

Bug ID: BUG-000137658

Software:

  • ArcGIS GIS Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic