ArcGIS Enterprise

Portal for ArcGIS 10.8.1 Enterprise Sites Patch 2 available.

A moderate priority Cross Site Scripting (XSS) vulnerability has been discovered in ArcGIS Enterprise Sites Builder version 10.8.1.

[#BUG-000135364 XSS in ArcGIS Enterprise Sites (iframe card) ]

This is a moderate priority issue with a CVSSv3: 5.4.

Esri recommends all ArcGIS Enterprise administrators install this patch by using the ArcGIS Enterprise “Patch Notification” tool or by downloading the appropriate patch for your ArcGIS Enterprise site from the Portal for ArcGIS 10.8.1 Enterprise Sites Patch 2 patch page.
Be sure to subscribe to the RSS feed on the ArcGIS Trust Center for timely notifications regarding trends and issues related to security issues that impact the ArcGIS Platform.

References:

Check for and install software patches and updates

https://enterprise.arcgis.com/en/server/latest/administer/windows/check-for-software-patches-and-updates.htm

How To: Schedule Automatic Updates for ArcGIS Enterprise

About the author

I'm a member of the Software Security and Privacy Team. I also help out with Esri's Product Security Incident Response Team. I've been with Esri almost 14 years now. Before joining the Software Security and Privacy Team, I was a senior technical lead in Esri Support Services, focusing on deploying, securing, and using ArcGIS Enterprise technology.

Connect:

Leave a Reply

Please Login to comment

Next Article

ArcGIS Experience Builder Developer Edition 1.5 Now Available

Read this article