ArcGIS Enterprise

The ArcGIS Server Security 2019 Update 2 Patch is now available!

The ArcGIS Server Security 2019 Update 2 Patch is now live on the support site. The URL is:

This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.7.1, 10.6.1, 10.5.1, and 10.4.1 apply this patch.

Issues Addressed with this patch include:

• BUG-000125044 – Hosted feature service has a stored cross-site scripting (XSS) vulnerability. (10.7.1 and 10.6.1 only)
CVSS 3.0 Base Score: 4.6 – CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

• BUG-000123103 – ArcGIS Server improperly handles an incorrect CORS origin.
CVSS 3.0 Base Score: 4.2 – CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

• BUG-000124991 – ArcGIS Server fails to fully import root or intermediate certificates. (10.7.1 and 10.6.1 only)

See patch page for list of cumulative issues.

About the author

I'm a member of the Software Security and Privacy Team. I also help out with Esri's Product Security Incident Response Team. I've been with Esri almost 14 years now. Before joining the Software Security and Privacy Team, I was a senior technical lead in Esri Support Services, focusing on deploying, securing, and using ArcGIS Enterprise technology.


Next Article

A Process for Deprecating Maps and Layers

Read this article