{"id":1290262,"date":"2021-07-13T14:44:32","date_gmt":"2021-07-13T21:44:32","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=1290262"},"modified":"2024-05-13T08:49:00","modified_gmt":"2024-05-13T15:49:00","slug":"portal-for-arcgis-security-2021-update-1-patch","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","title":{"rendered":"Portal for ArcGIS Security 2021 Update 1 Patch"},"author":5311,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"open","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[24081,759222,23311,760192],"industry":[],"product":[36571],"class_list":["post-1290262","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-ssamymlgp","tag-cve","tag-portal-for-arcgis","tag-vulnerabilities","product-arcgis-enterprise"],"acf":{"short_description":"Portal for ArcGIS Security 2021 Security 2021 Update 1 Patch fixes one high priority vulnerability and two medium priority vulnerabilities.","flexible_content":[{"acf_fc_layout":"content","content":"<p>Esri has released the Portal for ArcGIS Security 2021 Update 1 Patch that resolves one high priority vulnerability and two medium priority security vulnerabilities across versions 10.9, 10.8.1, 10.8, 10.7.1, 10.6.1, and 10.6. As with all security patches, we encourage all system administrators to install security updates on relevant systems at your earliest opportunity.<\/p>\n<p>This patch addresses one high severity vulnerability and two medium severity vulnerabilities have been addressed in the <a href=\"https:\/\/support.esri.com\/en\/download\/7899\">Portal for ArcGIS Security 2021 Update 1 Patch<\/a>. This patch is available <em><a href=\"https:\/\/support.esri.com\/en\/download\/7899\">here<\/a>.<\/em><\/p>\n<p>We provide Common Vulnerability Scoring System (CVSS) scores to allow our customers to better assess risk of this vulnerability to their operations. Both the base score and a modified temporal score is provided to reflect the availability of an official patch.\u202f Please see\u202f<a href=\"https:\/\/www.first.org\/cvss\/\">Common Vulnerability Scoring System<\/a>\u202ffor more information on the definition of these metrics.<\/p>\n"},{"acf_fc_layout":"sidebar","content":"<p style=\"text-align: center\"><strong>Key Highlights<\/strong><\/p>\n<ul>\n<li>The Portal for ArcGIS Security 2021 Update 1 Patch\u00a0 is now available for 10.9, 10.8.1, 10.8, 10.7.1, 10.6.1, and 10.6.<\/li>\n<li>This patch addresses one high severity vulnerability and two medium severity vulnerabilities.<\/li>\n<li>System administrators: take the time to install this patch at your earliest opportunity.<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<p><strong>Vulnerabilities fixed in this patch include:<\/strong><\/p>\n<ul>\n<li><strong>There is a privilege escalation vulnerability<\/strong>\u00a0 in organization-specific logins in Esri Portal for ArcGIS versions 10.9 and below that may allow a remote, authenticated attacker to impersonate another account.<\/li>\n<\/ul>\n<p><strong>Common Vulnerability Scoring System (CVSS v3.1) Details<\/strong><\/p>\n<ul>\n<li>8.8 Base Score, 8.4 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<\/ul>\n<p>#CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:N\/S:U\/C:H\/I:H\/A:H\/RL:O\/RC:C<\/p>\n<p><strong>Mitigations<\/strong><\/p>\n<ul>\n<li>Implement SAML specific security best practices as documented in the <a href=\"https:\/\/trust.arcgis.com\/en\/documents\/Organization-Specific%20Logins%20FAQ.pdf\">ArcGIS Organization-Specific Logins FAQ<\/a><\/li>\n<li>Temporarily disable Organization Specific Logins (Not recommended)<\/li>\n<\/ul>\n<p><strong>Vulnerability Details<\/strong><\/p>\n<p>CVE-2021-29108\u202f\u2013 Improper Verification of Cryptographic Signature <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/347.html\">CWE-347<\/a>\u202f\u2013 CVSS 8.4<\/p>\n<p>&nbsp;<\/p>\n<ul>\n<li><strong>A reflected Cross Site Scripting (XSS) vulnerability<\/strong> in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user\u2019s browser.<\/li>\n<\/ul>\n<p><strong>Common Vulnerability Scoring System (CVSS v3.1) Details<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.8 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<\/ul>\n<p>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C<\/p>\n<p><strong>Vulnerability Details<\/strong><\/p>\n<p>CVE-2021-29109\u202f\u2013 Cross Site Scripting (XXS) <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a>\u202f\u2013 CVSS 5.8<\/p>\n<ul>\n<li><strong>A stored Cross Site Scripting (XSS) vulnerability<\/strong> in Esri Portal for ArcGIS version 10.9 and below may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the user\u2019s browser.<\/li>\n<\/ul>\n<p><strong>Common Vulnerability Scoring System (CVSS v3.1) Details<\/strong><\/p>\n<ul>\n<li>5.4 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<\/ul>\n<p>#CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C<\/p>\n<p><strong>Vulnerability Details<\/strong><\/p>\n<p>CVE-2021-29110\u202f\u2013 Cross Site Scripting (XXS) <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a>\u202f\u2013 CVSS 5.2<\/p>\n<ul>\n<li><strong>A stored Cross Site Scripting (XSS) vulnerability<\/strong> in Esri Portal for ArcGIS before version 10.9.0 may allow a remote authenticated attackers able to inject arbitrary code which could potentially execute arbitrary JavaScript code in the user\u2019s browser.<\/li>\n<\/ul>\n<p><strong>Common Vulnerability Scoring System (CVSS v3.1) Details<\/strong><\/p>\n<ul>\n<li>5.4 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<\/ul>\n<p>#CVSS:3.1\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C<\/p>\n<p><strong>Vulnerability Details<\/strong><\/p>\n<p>CVE-2021-3012\u202f\u2013 Cross Site Scripting (XXS) <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a>\u202f\u2013 CVSS 5.2<\/p>\n<p><strong>Additional Notes:<\/strong><\/p>\n<p><span class=\"uiOutputText\" dir=\"ltr\">This patch is highly recommended and encouraged for all customers running on currently supported versions of ArcGIS Enterprise (10.6, 10.6.1, 10.7.1, 10.8, 10.8.1).<\/span><\/p>\n<p><span class=\"uiOutputText\" dir=\"ltr\">As a new approach to help streamline the patching process for both customers and Esri, this patch will be a prerequisite for future patches of the Portal for ArcGIS component of ArcGIS Enterprise. As a consequence, <strong>this patch cannot be uninstalled once it has been applied to Windows systems<\/strong>. While the patch can be uninstalled on Linux systems, it will be required to install it again in such cases where future patches are desired.<\/span><\/p>\n<p><span class=\"uiOutputText\" dir=\"ltr\">\u00a0<\/span><span class=\"uiOutputText\" dir=\"ltr\">This also means that this patch is cumulative of all hot fixes and patches previously built and released for the individual versions. Refer to the Issues Addressed section of the patch page for details on accumulated fixes as the set of fixes is not identical when comparing across versions.<\/span><\/p>\n<p><span class=\"uiOutputText\" dir=\"ltr\">Older patches that have been made obsolete by this new patch will no longer show up in the <a href=\"https:\/\/enterprise.arcgis.com\/en\/server\/latest\/administer\/windows\/check-for-software-patches-and-updates.htm\">patch notification tool<\/a>. Some older Portal for ArcGIS patches will still be listed in the cases where they are not accumulated into this one and are thus still required to be installed separately.<\/span><\/p>\n"}],"authors":[{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"related_articles":"","card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/07\/SA-Portal.gif","wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Portal for ArcGIS Security 2021 Update 1 Patch<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Portal for ArcGIS Security 2021 Update 1 Patch\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-13T15:49:00+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\"},\"author\":{\"name\":\"Randall Williams\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\"},\"headline\":\"Portal for ArcGIS Security 2021 Update 1 Patch\",\"datePublished\":\"2021-07-13T21:44:32+00:00\",\"dateModified\":\"2024-05-13T15:49:00+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\"},\"wordCount\":6,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Trust Center\",\"CVE\",\"Portal for ArcGIS\",\"vulnerabilities\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\",\"name\":\"Portal for ArcGIS Security 2021 Update 1 Patch\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2021-07-13T21:44:32+00:00\",\"dateModified\":\"2024-05-13T15:49:00+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Portal for ArcGIS Security 2021 Update 1 Patch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\",\"name\":\"Randall Williams\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"caption\":\"Randall Williams\"},\"sameAs\":[\"https:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Portal for ArcGIS Security 2021 Update 1 Patch","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","og_locale":"en_US","og_type":"article","og_title":"Portal for ArcGIS Security 2021 Update 1 Patch","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2024-05-13T15:49:00+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch"},"author":{"name":"Randall Williams","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959"},"headline":"Portal for ArcGIS Security 2021 Update 1 Patch","datePublished":"2021-07-13T21:44:32+00:00","dateModified":"2024-05-13T15:49:00+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch"},"wordCount":6,"commentCount":0,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Trust Center","CVE","Portal for ArcGIS","vulnerabilities"],"articleSection":["Administration"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#respond"]}]},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","name":"Portal for ArcGIS Security 2021 Update 1 Patch","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2021-07-13T21:44:32+00:00","dateModified":"2024-05-13T15:49:00+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"Portal for ArcGIS Security 2021 Update 1 Patch"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959","name":"Randall Williams","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","caption":"Randall Williams"},"sameAs":["https:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams"}]}},"text_date":"July 13, 2021","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2021-update-1-patch","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Enterprise","tag_data":[{"term_id":24081,"name":"ArcGIS Trust Center","slug":"ssamymlgp","term_group":0,"term_taxonomy_id":24081,"taxonomy":"post_tag","description":"","parent":0,"count":96,"filter":"raw"},{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":32,"filter":"raw"},{"term_id":23311,"name":"Portal for ArcGIS","slug":"portal-for-arcgis","term_group":0,"term_taxonomy_id":23311,"taxonomy":"post_tag","description":"","parent":0,"count":28,"filter":"raw"},{"term_id":760192,"name":"vulnerabilities","slug":"vulnerabilities","term_group":0,"term_taxonomy_id":760192,"taxonomy":"post_tag","description":"","parent":0,"count":4,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":427,"filter":"raw"}],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":976,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=arcgis-enterprise","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1290262","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/5311"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=1290262"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1290262\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=1290262"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=1290262"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=1290262"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=1290262"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=1290262"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}