| Bug Number | BUG-000136840 |
| Submitted | Jan 19, 2021 |
| Modified | Feb 04, 2021 |
| Severity | High |
| Applies To | ArcGIS Enterprise |
| Version Found | No Version Found |
| Prog Language | N/A |
| Server Platform | Windows 2016 64 Bit |
| Client Platform | Windows 2016 64 Bit |
| Database | N/A |
| Locale | N/A |
| Status | Implemented |
| Version Fixed | 10.8.1 |
| SP Fixed | N/A |
Bug BUG-000136840
Synopsis
There is a Server Side Request Forgery (SSRF) vulnerability in Portal for ArcGIS.
Additional Information
The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to https://support.esri.com/en/download/7837.