laptop and a wrench


The ArcGIS Server Simple Object Access Protocol (SOAP) endpoint, ‘http(s)://:/arcgis/services’, does not appear to have any application driven error handling and may be vulnerable to string injection and brute force attacks. Below is a link to the Vulnerability Score (CVSS): CVSS 3.3 (of 10): Low Risk Vulnerability

Last Published: June 28, 2016 ArcGIS for Server
Bug ID Number BUG-000091164
SubmittedOctober 2, 2015
Last ModifiedJune 5, 2024
Applies toArcGIS for Server
Version found10.3.1
Operating SystemWindows OS
Operating System Version2008 R2 64 Bit

Additional Information

Unable to reproduce the vulnerability outlined in this bug.

Steps to Reproduce

Bug ID: BUG-000091164


  • ArcGIS for Server

Get notified when the status of a bug changes

Download the Esri Support App

Discover more on this topic

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options