The ArcGIS Server Simple Object Access Protocol (SOAP) endpoint, ‘http(s)://:/arcgis/services’, does not appear to have any application driven error handling and may be vulnerable to string injection and brute force attacks. Below is a link to the Vulnerability Score (CVSS): CVSS 3.3 (of 10): Low Risk Vulnerability
Last Published: June 28, 2016ArcGIS for Server
Bug ID Number
October 2, 2015
July 28, 2020
ArcGIS for Server
Operating System Version
2008 R2 64 Bit
This issue was not reproducible when tested by the development team. Issues may be given this status when they cannot be reproduced or are no longer relevant in a development version of the software, but a specific fix was not installed to address the issue. The issue's Additional Information section may contain further explanation.
Unable to reproduce the vulnerability outlined in this bug.