laptop and a wrench


ArcGIS Server has a Server Side Request Forgery (SSRF) security vulnerability.

Last Published: January 28, 2020 ArcGIS GIS Server
Bug ID Number BUG-000128060
SubmittedJanuary 21, 2020
Last ModifiedMay 31, 2023
Applies toArcGIS GIS Server
Version found10.7.1
Operating SystemWindows OS
Operating System Version2016 64 Bit
Version Fixed10.8


A fix for this vulnerability is available for ArcGIS Server 10.4 - 10.7.1 as part of the ArcGIS Server Security 2020 Update 1 Patch:

Steps to Reproduce

Bug ID: BUG-000128060


  • ArcGIS GIS Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic