laptop and a wrench

Bug

Map and Image services are vulnerable to a XML external entity injection (XXE).

Last Published: February 12, 2016 ArcGIS for Server
Bug ID Number BUG-000092906
SubmittedDecember 10, 2015
Last ModifiedJuly 28, 2020
Applies toArcGIS for Server
Version found10.3.1
Version Fixed10.4.0
StatusFixed

Steps to Reproduce

Bug ID: BUG-000092906

Software:

  • ArcGIS for Server

Get help from ArcGIS experts

Contact technical support

Download the Esri Support App

Go to download options

Discover more on this topic