{"id":1641722,"date":"2022-07-20T12:14:28","date_gmt":"2022-07-20T19:14:28","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=1641722"},"modified":"2024-05-13T08:47:21","modified_gmt":"2024-05-13T15:47:21","slug":"portal-for-arcgis-security-2022-update-1-patch","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","title":{"rendered":"Portal for ArcGIS Security 2022 Update 1 Patch"},"author":5311,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[759222,23311,241722,760192],"industry":[],"product":[36571,763582],"class_list":["post-1641722","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-cve","tag-portal-for-arcgis","tag-ssamlymlgp","tag-vulnerabilities","product-arcgis-enterprise","product-trust-arcgis"],"acf":{"short_description":"Esri has released the Portal for ArcGIS Security 2022 Update 1 Patch resolving multiple high and medium severity vulnerabilities.","flexible_content":[{"acf_fc_layout":"content","content":"<p>Esri has released the Portal for ArcGIS Security 2022 Update 1 Patch that resolves multiple high and medium severity security vulnerabilities across versions 10.9.1, 10.8.1, and 10.7.1.<\/p>\n<p>This patch is available <a href=\"https:\/\/support.esri.com\/en\/download\/7948\"><em>here<\/em><\/a><em>.<\/em><\/p>\n<p>We provide <a href=\"https:\/\/www.first.org\/cvss\/v3.1\/user-guide\">Common Vulnerability Scoring System v.3.1 (CVSS)<\/a> scores to allow our customers to better assess risk of these vulnerabilities to their operations.\u00a0 Both base and modified temporal scores are provided to reflect the availability of an official patch.<\/p>\n"},{"acf_fc_layout":"sidebar","content":"<p>Key Highlights<\/p>\n<ul>\n<li>The Portal for ArcGIS Security 2022 Update 1 Patch\u00a0is now available for versions 10.9,1 10.8.1, and 10.7.1.<\/li>\n<li>System administrators: take the time to install this patch at your earliest opportunity to address high and medium severity vulnerabilities.<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<h2><strong>Vulnerabilities fixed by this patch<\/strong><\/h2>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38184\">CVE-2022-38184<\/a> \u2013 <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/284.html\">CWE-284<\/a><\/h3>\n<p>There is an <strong>improper access control vulnerability<\/strong> in Portal for ArcGIS versions 10.8.1 and below which could allow a remote, unauthenticated attacker to access an API that may induce Esri Portal for ArcGIS to read arbitrary URLs.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.5 Base Score, 6.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N\/RL:O\/RC:C\/MPR:L<\/li>\n<\/ul>\n<p><strong>Mitigations:\u00a0<\/strong>Disable anonymous access to Portal for ArcGIS<\/p>\n<p><strong>Esri Bug ID: <\/strong>BUG-000143640 &amp; BUG-000143638<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38186\">CVE-2022-38186<\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/h3>\n<p>There is <strong>a reflected XSS vulnerability <\/strong>in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:L\/RL:O\/MPR:L<\/li>\n<\/ul>\n<p><strong>Mitigations: <\/strong>Disable Anonymous Access to Portal for ArcGIS<\/p>\n<p><strong>Esri Bug ID: <\/strong>BUG-000143642 &amp; BUG-000137733<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38188\">CVE-2022-38188<\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/h3>\n<p>There is <strong>a reflected XSS vulnerability <\/strong>in Esri Portal for ArcGIS versions 10.8.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:L\/RL:O\/MPR:L<\/li>\n<\/ul>\n<p><strong>Mitigations: <\/strong>Disable Anonymous Access to Portal for ArcGIS<\/p>\n<p><strong>Esri Bug ID: <\/strong>BUG-000136544<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38194\">CVE-2022-38194<\/a> \u2013\u00a0<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/311.html\">CWE-311<\/a><\/h3>\n<p>In Esri Portal for ArcGIS versions 10.8.1, <strong>a system property is not properly encrypted<\/strong>. This may lead to a local user reading sensitive information from a properties file.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.7 Base Score, 6.4 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:L\/AC:L\/PR:H\/UI:N\/S:C\/C:H\/I:L\/A:N\/RL:O\/RC:C<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: <\/strong>BUG-000133255<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38193\"><span class=\"TextRun BCX9 SCXO146953410\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun BCX9 SCXO146953410\">CVE-2022-38193<\/span><\/span><\/a> \u2013 <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/94.html\">CWE-95<\/a><\/h3>\n<p>There is <strong>a code injection vulnerability<\/strong> in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass strings which could potentially cause arbitrary code execution.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.8 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: <\/strong>BUG-000135726<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38192\"><span class=\"TextRun BCX9 SCXO18656973\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun BCX9 SCXO18656973\">CVE-2022-38192<\/span><\/span><\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/h3>\n<p>There is a <strong>stored Cross Site Scripting (XSS) vulnerability<\/strong> in Esri Portal for ArcGIS versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user\u2019s browser<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>5.7 Base Score, 5.5 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:L\/UI:R\/S:U\/C:H\/I:N\/A:N\/RL:O<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: <\/strong>BUG-000149597<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38190\">CVE-2022-38190<\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/h3>\n<p>There is a <strong>stored Cross Site Scripting (XSS) vulnerability<\/strong> in Esri Portal for ArcGIS configurable apps versions 10.8.1 and below that may allow a remote, unauthenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user\u2019s browser<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>5.4 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C\/<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: <\/strong>BUG-000143643<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38191\"><span class=\"TextRun BCX9 SCXO172937625\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun BCX9 SCXO172937625\">CVE-2022-38191<\/span><\/span><\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/74.html\">CWE-74<\/a><\/h3>\n<p>There is <strong>an HTML injection issue <\/strong>in Esri Portal for ArcGIS versions 10.9 and below which may allow a remote, authenticated attacker to inject HTML into some locations in the home application.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>5.4 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O<\/li>\n<\/ul>\n<p><strong>Esri Bug ID<\/strong>: BUG-000138486<\/p>\n<p>&nbsp;<\/p>\n<h3><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38189\"><span class=\"TextRun BCX9 SCXO256017236\" lang=\"EN-US\" xml:lang=\"EN-US\" data-contrast=\"auto\"><span class=\"NormalTextRun BCX9 SCXO256017236\">CVE-2022-38189<\/span><\/span><\/a> &#8211; <a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/h3>\n<p>There is a<strong> stored Cross Site Scripting (XSS) vulnerability <\/strong>in Esri Portal for ArcGIS which may allow a remote, authenticated attacker to pass and store malicious strings via crafted queries which when accessed could potentially execute arbitrary JavaScript code in the user\u2019s browser. This is a separate fix than BUG-000149597.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>5.4 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C\/<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: <\/strong>BUG-000133257<\/p>\n<p>&nbsp;<\/p>\n"}],"related_articles":"","authors":[{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/07\/SA-Portal.gif","wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Portal for ArcGIS Security 2022 Update 1 Patch<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Portal for ArcGIS Security 2022 Update 1 Patch\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-13T15:47:21+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\"},\"author\":{\"name\":\"Randall Williams\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\"},\"headline\":\"Portal for ArcGIS Security 2022 Update 1 Patch\",\"datePublished\":\"2022-07-20T19:14:28+00:00\",\"dateModified\":\"2024-05-13T15:47:21+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\"},\"wordCount\":6,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"CVE\",\"Portal for ArcGIS\",\"SSAMLYMLGP\",\"vulnerabilities\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\",\"name\":\"Portal for ArcGIS Security 2022 Update 1 Patch\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2022-07-20T19:14:28+00:00\",\"dateModified\":\"2024-05-13T15:47:21+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Portal for ArcGIS Security 2022 Update 1 Patch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\",\"name\":\"Randall Williams\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"caption\":\"Randall Williams\"},\"sameAs\":[\"https:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Portal for ArcGIS Security 2022 Update 1 Patch","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","og_locale":"en_US","og_type":"article","og_title":"Portal for ArcGIS Security 2022 Update 1 Patch","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2024-05-13T15:47:21+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch"},"author":{"name":"Randall Williams","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959"},"headline":"Portal for ArcGIS Security 2022 Update 1 Patch","datePublished":"2022-07-20T19:14:28+00:00","dateModified":"2024-05-13T15:47:21+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch"},"wordCount":6,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["CVE","Portal for ArcGIS","SSAMLYMLGP","vulnerabilities"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","name":"Portal for ArcGIS Security 2022 Update 1 Patch","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2022-07-20T19:14:28+00:00","dateModified":"2024-05-13T15:47:21+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"Portal for ArcGIS Security 2022 Update 1 Patch"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959","name":"Randall Williams","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","caption":"Randall Williams"},"sameAs":["https:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams"}]}},"text_date":"July 20, 2022","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/arcgis-enterprise\/administration\/portal-for-arcgis-security-2022-update-1-patch","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Enterprise","tag_data":[{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":32,"filter":"raw"},{"term_id":23311,"name":"Portal for ArcGIS","slug":"portal-for-arcgis","term_group":0,"term_taxonomy_id":23311,"taxonomy":"post_tag","description":"","parent":0,"count":28,"filter":"raw"},{"term_id":241722,"name":"SSAMLYMLGP","slug":"ssamlymlgp","term_group":0,"term_taxonomy_id":241722,"taxonomy":"post_tag","description":"","parent":0,"count":25,"filter":"raw"},{"term_id":760192,"name":"vulnerabilities","slug":"vulnerabilities","term_group":0,"term_taxonomy_id":760192,"taxonomy":"post_tag","description":"","parent":0,"count":4,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":427,"filter":"raw"}],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":976,"filter":"raw"},{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":89,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=arcgis-enterprise","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1641722","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/5311"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=1641722"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1641722\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=1641722"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=1641722"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=1641722"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=1641722"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=1641722"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}