Bug Number BUG-000128060
Submitted Jan 21, 2020
Modified Oct 25, 2021
Severity Critical
Applies To ArcGIS GIS Server
Version Found 10.7.1
Prog Language N/A
Server Platform Windows 2016 64 Bit
Client Platform Windows 2016 64 Bit
Database N/A
Locale N/A
Status Implemented
Version Fixed 10.8
SP Fixed N/A

Bug BUG-000128060


ArcGIS Server has a Server Side Request Forgery (SSRF) security vulnerability.

Additional Information


Alternate Solution

A fix for this vulnerability is available for ArcGIS Server 10.4 - 10.7.1 as part of the ArcGIS Server Security 2020 Update 1 Patch: https://support.esri.com/en/download/7775