laptop and a wrench


There is a Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.

Last Published: February 4, 2021 Portal for ArcGIS
Bug ID Number BUG-000136840
SubmittedJanuary 19, 2021
Last ModifiedFebruary 15, 2023
Applies toPortal for ArcGIS
Version found10.7.1
Operating SystemWindows OS
Operating System Version2016 64 Bit
Version Fixed10.8.1

Additional Information

The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to

Steps to Reproduce

Bug ID: BUG-000136840


  • Portal for ArcGIS

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic