漏洞
When a service is configured to allow only a specific set of roles, but its parent folder is configured to allow public access, any user aware of the service's REST endpoint can bypass security and access the service as if it was publicly accessible.
| 漏洞 ID 编号 | NIM075654 |
|---|---|
| 已提交 | November 22, 2011 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | No Product Found |
| 找到的版本 | 10.1 |
| 修正版本 | 10.1 |
| 状态 | Fixed |
解决办法
Instead of configuring security for the service, apply the security settings to the parent folder containing the service.重现步骤
漏洞 ID: NIM075654
软件:
- No Product Found
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序