漏洞
When ArcGIS for Server security is set to Active Directory (AD) user, Windows role, and GIS tier, the user could login into REST with any domain name other than the user domain and user login and credentials. This only shows service information that is not secure. This caused confusion when an incorrect domain name or no domain name is used for login, as the secure services cannot be seen, but no error about the credentials is given.
| 漏洞 ID 编号 | BUG-000091031 |
|---|---|
| 已提交 | September 28, 2015 |
| 上次修改时间 | June 5, 2024 |
| 适用范围 | ArcGIS for Server |
| 找到的版本 | 10.3.1 |
| 操作系统 | Windows OS |
| 操作系统版本 | 2012 64 Bit |
| 状态 | Known Limit |
附加信息
Domain name is not required at 10.4 when logging in to REST. DOMAIN\USER is not required. Whatever is entered for DOMAIN will not be read.解决办法
Make sure to put the correct domain and credentials when logging into the REST endpoint to view secure services.重现步骤
漏洞 ID: BUG-000091031
软件:
- ArcGIS for Server
当漏洞状态发生变化时获得通知
发现关于本主题的更多内容
搜索相关信息
查找与此主题相关的培训
探索想法并提供反馈
获取来自 ArcGIS 专家的帮助
下载 Esri 支持应用程序