ArcGIS Enterprise

The ArcGIS Server Security 2019 Update 2 Patch is now available!

The ArcGIS Server Security 2019 Update 2 Patch is now live on the support site. The URL is:

https://support.esri.com/en/download/7745

Summary
This security patch addresses multiple security vulnerabilities found in ArcGIS Server. Esri recommends that all customers using ArcGIS Server 10.7.1, 10.6.1, 10.5.1, and 10.4.1 apply this patch.

Issues addressed with this patch include:

• BUG-000125044 – Hosted feature service has a stored cross-site scripting (XSS) vulnerability. (10.7.1 and 10.6.1 only)
CVSS 3.0 Base Score: 4.6 – CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

• BUG-000123103 – ArcGIS Server improperly handles an incorrect CORS origin.
CVSS 3.0 Base Score: 4.2 – CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N

• BUG-000124991 – ArcGIS Server fails to fully import root or intermediate certificates. (10.7.1 and 10.6.1 only)

See the patch page for the list of cumulative issues.

About the author

I'm a member of the Software Security and Privacy Team. I also help out with Esri's Product Security Incident Response Team. I've been with Esri almost 11 years now. Before joining the Software Security and Privacy Team, I was a senior technical lead in Esri Support Services, focusing on deploying, securing, and using ArcGIS Enterprise technology.
