Bug Number BUG-000137658
Submitted Feb 23, 2021
Modified Mar 25, 2023
Severity High
Applies To ArcGIS Enterprise
Version Found 10.8.1
Prog Language N/A
Server Platform N/A
Client Platform N/A
Database N/A
Locale N/A
Status Fixed
Learn more
Version Fixed 10.9
SP Fixed N/A

Bug BUG-000137658


There is a Server Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager. Note This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.8.1, 10.7.1, and 10.6.1 apply this patch.

Additional Information


Alternate Solution

The ArcGIS Server Security 2021 Update 1 Patch is now live on the support site. The URL is: