中文
漏洞编号 BUG-000132353
已提交 Jul 18, 2020
Modified Jan 13, 2022
严重性 Medium
应用于 ArcGIS Enterprise
找到的版本 10.7.1
程序语言 N/A
服务器平台 Windows 2016 64 Bit
客户端平台 Windows 2016 64 Bit
数据库 N/A
区域设置 N/A
状态 Implemented
Learn more
修正版本 10.8.1
SP 修复 N/A

漏洞 BUG-000132353

摘要

There are XML external entity (XXE) and Server Side Request Forgery (SSRF) vulnerabilities in Portal for ArcGIS.


附加信息

The fix of this defect for Portal for ArcGIS 10.6.1 and Portal for ArcGIS 10.7.1 is provided in the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch. Refer to https://support.esri.com/en/download/7837.


备用解决方案

Refer to https://support.esri.com/en/download/7837 for the 'Portal for ArcGIS Security 2020 Update 2 Patch' security patch.