laptop and a wrench


The ArcGIS Server Simple Object Access Protocol (SOAP) endpoint, ‘http(s)://:/arcgis/services’, does not appear to have any application driven error handling and may be vulnerable to string injection and brute force attacks. Below is a link to the Vulnerability Score (CVSS): CVSS 3.3 (of 10): Low Risk Vulnerability

Last Published: June 28, 2016 ArcGIS for Server
Bug ID Number BUG-000091164
SubmittedOctober 2, 2015
Last ModifiedJuly 28, 2020
Applies toArcGIS for Server
Version found10.3.1
Operating SystemWindows
Operating System Version2008 R2 64 Bit

Additional Information

Unable to reproduce the vulnerability outlined in this bug.

Steps to Reproduce

Bug ID: BUG-000091164


  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic