Bug
Directory traversal vulnerability in ArcGIS Server.
| Bug ID Number | BUG-000152121 |
|---|---|
| Submitted | September 6, 2022 |
| Last Modified | March 6, 2023 |
| Applies to | ArcGIS GIS Server |
| Version found | 10.9.1 |
| Operating System | N/A |
| Operating System Version | N/A |
| Version Fixed | 11.1 |
| Status | Fixed |
Additional Information
This defect is resolved for versions 11.0 and 10.9 in the ArcGIS Server Directory Traversal Vulnerability Patch which is now live on the Esri Support site. The URL is: https://support.esri.com/en/download/8063 This defect is resolved for versions 10.9.1, 10.8.1, and 10.7.1 in the ArcGIS Server Security 2022 Update 2 Patch which is now live on the Esri Support site. The URL is: https://support.esri.com/en/download/8064Workaround
The ArcGIS Server Directory Traversal Vulnerability Patch is now live on the support site. The URL is:
https://support.esri.com/en/download/8063
Summary
This security patch addresses a security vulnerability found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 11.0 and 10.9 apply this patch.
Steps to Reproduce
Bug ID: BUG-000152121
Software:
- ArcGIS GIS Server
Get help from ArcGIS experts
Download the Esri Support App
Discover more on this topic
Search for related information
Find training related to this topic
Explore ideas and give feedback