A new Technical Support website experience is coming soon!

In the next couple of months, we will update the Technical Support website. It will look different, but all the information you expect will still be at your fingertips. In fact, we’ve worked hard to ensure you can find information even more easily.

Back to results

Bug Number	BUG-000137658
Submitted	Feb 23, 2021
Modified	Mar 25, 2023
Severity	High
Applies To	ArcGIS Enterprise
Version Found	10.8.1
Prog Language	N/A
Server Platform	N/A
Client Platform	N/A
Database	N/A
Locale	N/A
Status	Fixed Learn more
Version Fixed	10.9
SP Fixed	N/A

Bug BUG-000137658

Synopsis

There is a Server Side Request Forgery (SSRF) vulnerability in ArcGIS Server Manager. Note This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.8.1, 10.7.1, and 10.6.1 apply this patch.

Additional Information

N/A

Alternate Solution

The ArcGIS Server Security 2021 Update 1 Patch is now live on the support site. The URL is:

https://support.esri.com/en/download/7879