Is This Content Helpful?
We're glad to know this article was helpful.
ArcGIS 10.1 SP1 QIP, 10.2.1, and 10.2.2 for Server Security (August 2014) Patch addresses two security vulnerabilities found in ArcGIS for Server.
NIM102197 - Unauthorized access to some resources from secured services is possible in certain circumstances. This occurs in ArcGIS for Server 10.2, 10.2.1, and 10.2.2
NIM102939 - Multiple stored cross-site scripting (XSS) vulnerabilities found. This occurs in ArcGIS for Server 10.1, 10.1 SP1, 10.2, 10.2.1, and 10.2.2
These are known issues.
There is no workaround.
Esri highly recommends all customers using ArcGIS 10.1 for Server and later apply the ArcGIS for Server Security Patch (January 2015).
Customers who are using 10.2 should first upgrade to 10.2.1 or 10.2.2.
If the ArcGIS for Server Security Patch (August 2014) has been previously installed, all fixes in this patch are included in the January 2015 patch.
Due to an issue with the 10.1 SP1 QIP setup for Windows in the Server Security (August 2014) Patch, users must uninstall the 10.1 SP1 QIP patch version before installing the ArcGIS for Server Security (January 2015) Patch.