ArcGIS Enterprise

Portal for ArcGIS 10.8.1 Home Application Patch resolves two moderate priority security issues

The Portal for ArcGIS 10.8.1 Home Application Patch is now live on the support site. This patch includes fixes for two moderate priority security issues.

The URL to download this patch is:

Portal for ArcGIS 10.8.1 Home Application Patch

https://support.esri.com/en/download/7852

Summary

Esri highly recommends installing this patch to addressing the usability issues mentioned in the patch release summary page. In addition to fixes for those usability issues, this patch provides fixes for two moderate priority security vulnerabilities. These are:

BUG-000134926 – Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page

BUG-000131991 – Reflected cross-site scripting (XSS) in the home application

Patches for these issues will be released for Portal for ArcGIS versions 10.5.1, 10.6.1, and 10.7.1 are upcoming. This blog will be updated when those patches are available.

Esri recommends that customers using Portal for ArcGIS 10.8.1 apply this patch in accordance with their organization’s timelines for addressing moderate security issues.

 

About the author

I'm a member of the Software Security and Privacy Team. I also help out with Esri's Product Security Incident Response Team. I've been with Esri almost 14 years now. Before joining the Software Security and Privacy Team, I was a senior technical lead in Esri Support Services, focusing on deploying, securing, and using ArcGIS Enterprise technology.

Connect:

Leave a Reply

Please Login to comment

Next Article

Online Services not affected by Microsoft Exchange Vulnerabilities

Read this article