English
Bug Number BUG-000132353
Submitted Jul 18, 2020
Modified Feb 02, 2023
Severity Medium
Applies To ArcGIS Enterprise
Version Found 10.7.1
Prog Language N/A
Server Platform N/A
Client Platform N/A
Database N/A
Locale N/A
Status Fixed
Learn more
Version Fixed 10.8.1
SP Fixed N/A

Bug BUG-000132353

Synopsis

There are XML external entity (XXE) and Server Side Request Forgery (SSRF) vulnerabilities in Portal for ArcGIS.


Additional Information

The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to https://support.esri.com/en/download/7837.


Alternate Solution

Refer to https://support.esri.com/en/download/7837 for the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch.