Bug

Reflected Cross-Site Scripting (XSS) vulnerability in ArcGIS Server.

Last Published: February 7, 2022
Bug ID Number: BUG-000146513
Submitted: February 1, 2022
Last Modified: September 15, 2022
Applies to: ArcGIS GIS Server
Version found: 10.9.1
Operating System: N/A
Operating System Version: N/A
Version Fixed: 11.0
Status: Fixed

Additional Information

The ArcGIS Server Security 2022 Update 1 Patch is now live on the support site: https://support.esri.com/en/download/8043. The patch covers three versions: 10.7.1, 10.8.1 and 10.9.1.

Workaround

  1. Disable the ArcGIS Services Directory. Refer to https://enterprise.arcgis.com/en/server/latest/administer/linux/disabling-the-services-directory.htm.
  2. Secure the web service.

Steps to Reproduce

Bug ID: BUG-000146513

Software:

  • ArcGIS GIS Server
