Bug Number | BUG-000132353 |
Submitted | Jul 18, 2020 |
Modified | Feb 02, 2023 |
Severity | Medium |
Applies To | ArcGIS Enterprise |
Version Found | 10.7.1 |
Prog Language | N/A |
Server Platform | N/A |
Client Platform | N/A |
Database | N/A |
Locale | N/A |
Status |
Fixed
Learn more |
Version Fixed | 10.8.1 |
SP Fixed | N/A |
Bug BUG-000132353
Synopsis
There are XML external entity (XXE) and Server Side Request Forgery (SSRF) vulnerabilities in Portal for ArcGIS.
Additional Information
The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to https://support.esri.com/en/download/7837.
Alternate Solution
Refer to https://support.esri.com/en/download/7837 for the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch.