ArcGIS Enterprise

ArcGIS Server SQL injection security update

A SQL injection vulnerability exists in some configurations of Esri ArcGIS Server versions 10.8.1 (and earlier). Specially crafted web requests can expose information that is not intended to be disclosed (not customer datasets).

Mitigating measures:

 

Esri has released updates for ArcGIS Server that resolve this moderate-risk vulnerability here.

CVSS and CVE (Coming soon)

Acknowledgements:

Leave a Reply

Please Login to comment

Next Article

Use ArcGIS Living Atlas to create a custom basemap gallery

Read this article