laptop and a wrench

Bug

Map and Image services are vulnerable to a XML external entity injection (XXE).

Last Published: February 12, 2016 ArcGIS for Server
Bug ID Number BUG-000092906
SubmittedDecember 10, 2015
Last ModifiedJuly 28, 2020
SeverityHigh
Applies toArcGIS for Server
Version found10.3.1
Version Fixed10.4.0
StatusFixed

Steps to Reproduce

Bug ID: BUG-000092906

Software:

  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic

Esri Community

Search for related information

Training

Find training related to this topic

ArcGIS Ideas

Explore ideas and give feedback