Bug Number BUG-000128060
Submitted Jan 21, 2020
Modified Mar 25, 2023
Severity Critical
Applies To ArcGIS GIS Server
Version Found 10.7.1
Prog Language N/A
Server Platform N/A
Client Platform N/A
Database N/A
Locale N/A
Status Fixed
Learn more
Version Fixed 10.8
SP Fixed N/A

Bug BUG-000128060


ArcGIS Server has a Server Side Request Forgery (SSRF) security vulnerability.

Additional Information


Alternate Solution

A fix for this vulnerability is available for ArcGIS Server 10.4 - 10.7.1 as part of the ArcGIS Server Security 2020 Update 1 Patch: https://support.esri.com/en/download/7775