BUG
Issues addressed by ArcGIS Server Security (August 2014) Patch
Description
ArcGIS 10.1 SP1 QIP, 10.2.1, and 10.2.2 for Server Security (August 2014) Patch addresses two security vulnerabilities found in ArcGIS for Server.
Vulnerability details
NIM102197 - Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in ArcGIS for Server 10.2, 10.2.1, and 10.2.2
NIM102939 - Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS for Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2
Cause
These are known issues.
Workaround
There is no workaround.Esri highly recommends all customers using ArcGIS 10.1 for Server and later apply the ArcGIS for Server Security Patch (January 2015).
Customers who are using 10.2 should first upgrade to 10.2.1 or 10.2.2.
Note:
If the ArcGIS for Server Security Patch (August 2014) has been previously installed, all fixes in this patch are included in the January 2015 patch.
Note:
Due to an issue with the 10.1 SP1 QIP setup for Windows in the Server Security (August 2014) Patch, users must uninstall the 10.1 SP1 QIP patch version before installing the ArcGIS for Server Security (January 2015) Patch.
Click this link to download the ArcGIS for Server Security (January 2015) Patch.
Article ID: 000011860
- ArcGIS Server
Receive notifications and find solutions for new or common issues
Get summarized answers and video solutions from our new AI chatbot.
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback
Get help from ArcGIS experts
Download the Esri Support App