{"id":1701122,"date":"2022-10-25T07:01:20","date_gmt":"2022-10-25T14:01:20","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=1701122"},"modified":"2024-05-13T08:46:32","modified_gmt":"2024-05-13T15:46:32","slug":"arcgis-server-security-2022-update-1-patch","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","title":{"rendered":"ArcGIS Server Security 2022 Update 1 Patch"},"author":5311,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[23591,759222,30141,241722,35281],"industry":[],"product":[36571,763582],"class_list":["post-1701122","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-arcgis-server","tag-cve","tag-security-patch","tag-ssamlymlgp","tag-vulnerability","product-arcgis-enterprise","product-trust-arcgis"],"acf":{"short_description":"Esri has released the ArcGIS Server Security 2022 Update 1 Patch that resolves one high and four moderate severity security vulnerabilities.","flexible_content":[{"acf_fc_layout":"content","content":"<p>Esri has released the ArcGIS Server Security 2022 Update 1 Patch that resolves one high and four moderate severity security vulnerabilities across versions 10.9.1, 10.8.1, and 10.7.1.<\/p>\n<p>This patch is available\u00a0<a href=\"https:\/\/support.esri.com\/en\/download\/8043\"><em>here<\/em><\/a><em>.<\/em><\/p>\n<p>We provide\u00a0<a href=\"https:\/\/www.first.org\/cvss\/v3.1\/user-guide\">Common Vulnerability Scoring System v.3.1 (CVSS)<\/a>\u00a0scores to allow our customers to better assess risk of these vulnerabilities to their operations.\u00a0 Both base and modified temporal scores are provided to reflect the availability of an official patch.<\/p>\n"},{"acf_fc_layout":"sidebar","content":"<p><strong>Key Highlights<\/strong><\/p>\n<ul>\n<li>The ArcGIS Server Security 2022 Update 1 Patch is now available for versions 10.9,1 10.8.1, and 10.7.1.<\/li>\n<li>System administrators: take the time to install this patch at your earliest opportunity to address high and medium severity vulnerabilities.<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<h3><strong>Vulnerabilities fixed by this patch<\/strong><\/h3>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38196\"><u>CVE-2022-38196 <\/u><\/a>\u2013\u00a0<u><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/22.html\">CWE-22<\/a><\/u><\/p>\n<p>There is a<strong> path traversal vulnerability<\/strong> in Esri ArcGIS Server\u00a0 versions 10.9.1 and below that may result in a denial of service by allowing a remote, authenticated attacker to overwrite an internal ArcGIS Server directory.<\/p>\n<p><strong>CVSS Details<\/strong>:<\/p>\n<ul>\n<li>7.2 Base Score, 6.5 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H\/RL:O\/MAV:A<\/li>\n<\/ul>\n<p><strong>Mitigations:<\/strong><\/p>\n<p>Disable administration via the ArcGIS Web Adaptor. Disabling administration via the ArcGIS Web Adaptor is recommended as a best practice when exposing ArcGIS Server to the public internet.<\/p>\n<p>See: https:\/\/enterprise.arcgis.com\/en\/web-adaptor\/latest\/install\/iis\/configure-arcgis-web-adaptor-server.htm<\/p>\n<p><strong>Esri Bug ID:<\/strong>\u00a0BUG-000150537<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38195\"><u>CVE-2022-38195 <\/u><\/a>\u2013\u00a0<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/p>\n<p>There is\u00a0a <strong>reflected XSS vulnerability<\/strong>\u00a0in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Mitigations:<\/strong><\/p>\n<p>Disable administration via the ArcGIS Web Adaptor. Disabling administration via the ArcGIS Web Adaptor is recommended as a best practice when exposing ArcGIS Server to the public internet.<\/p>\n<p>See: https:\/\/enterprise.arcgis.com\/en\/web-adaptor\/latest\/install\/iis\/configure-arcgis-web-adaptor-server.htm<\/p>\n<p><strong>Esri Bug ID:<\/strong>\u00a0BUG-000150540<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38197\"><u>CVE-2022-38197<\/u><\/a>\u00a0\u2013\u00a0<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/601.html\">CWE-601<\/a><\/p>\n<p>There is an <strong>unvalidated redirect vulnerability<\/strong> in ArcGIS Server that may allow a remote, unauthenticated attacker to phish a user into accessing an attacker controlled website via a crafted query parameter.<\/p>\n<p>CVSS Details:<\/p>\n<ul>\n<li>5.4 Base Score, 4.6 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:L\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MAV:A<\/li>\n<\/ul>\n<p><strong>Mitigations<\/strong>: Disable administration via the ArcGIS Web Adaptor. Disabling administration via the ArcGIS Web Adaptor is recommended as a best practice when exposing ArcGIS Server to the public internet.<\/p>\n<p>See: https:\/\/enterprise.arcgis.com\/en\/web-adaptor\/latest\/install\/iis\/configure-arcgis-web-adaptor-server.htm<\/p>\n<p><strong>Esri Bug ID:<\/strong>\u00a0BUG-000148347<\/p>\n<p>&nbsp;<\/p>\n<p><u><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38198\">CVE-2022-38198<\/a><\/u>\u00a0\u2013\u00a0<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\">CWE-79<\/a><\/p>\n<p>There is\u00a0a<strong> reflected XSS vulnerability<\/strong>\u00a0in Esri ArcGIS Server versions 10.9.1 and below which may allow a remote attacker able to convince a user to click on a crafted link which could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.8 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/RC:C<\/li>\n<\/ul>\n<p><strong>Mitigations:<\/strong><\/p>\n<p>Disable the ArcGIS Services Directory. Disabling the ArcGIS services directory is recommended as a best practice when exposing GIS Services to the public internet.<\/p>\n<p>See: https:\/\/enterprise.arcgis.com\/en\/server\/latest\/administer\/linux\/disabling-the-services-directory.htm<\/p>\n<p><strong>Esri Bug ID:<\/strong>\u00a0BUG-000146513<\/p>\n<p>&nbsp;<\/p>\n<p><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38198\">CVE-2022-38199<\/a> \u2013\u00a0<a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/494.html\">CWE-494<\/a><\/p>\n<p>A <strong>remote file download vulnerability<\/strong> can occur in some capabilities of web services provided by Esri ArcGIS Server versions 10.9.1 and below that may in some edge cases allow a remote, unauthenticated attacker to induce an unsuspecting victim to launch a process in the victim&#8217;s PATH environment. Current browsers provide users with warnings against running unsigned executables downloaded from the internet.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.8 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:<\/strong>\u00a0BUG-000144172<\/p>\n<p><strong>Credit:<\/strong> David M. Chavez<\/p>\n"}],"related_articles":"","authors":[{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/05\/SA-Server.gif","wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ArcGIS Server Security 2022 Update 1 Patch<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ArcGIS Server Security 2022 Update 1 Patch\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-13T15:46:32+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"3 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\"},\"author\":{\"name\":\"Randall Williams\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\"},\"headline\":\"ArcGIS Server Security 2022 Update 1 Patch\",\"datePublished\":\"2022-10-25T14:01:20+00:00\",\"dateModified\":\"2024-05-13T15:46:32+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\"},\"wordCount\":5,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Server\",\"CVE\",\"security patch\",\"SSAMLYMLGP\",\"vulnerability\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\",\"name\":\"ArcGIS Server Security 2022 Update 1 Patch\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2022-10-25T14:01:20+00:00\",\"dateModified\":\"2024-05-13T15:46:32+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ArcGIS Server Security 2022 Update 1 Patch\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\",\"name\":\"Randall Williams\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"caption\":\"Randall Williams\"},\"sameAs\":[\"https:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ArcGIS Server Security 2022 Update 1 Patch","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","og_locale":"en_US","og_type":"article","og_title":"ArcGIS Server Security 2022 Update 1 Patch","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2024-05-13T15:46:32+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"3 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch"},"author":{"name":"Randall Williams","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959"},"headline":"ArcGIS Server Security 2022 Update 1 Patch","datePublished":"2022-10-25T14:01:20+00:00","dateModified":"2024-05-13T15:46:32+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch"},"wordCount":5,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Server","CVE","security patch","SSAMLYMLGP","vulnerability"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","name":"ArcGIS Server Security 2022 Update 1 Patch","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2022-10-25T14:01:20+00:00","dateModified":"2024-05-13T15:46:32+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"ArcGIS Server Security 2022 Update 1 Patch"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959","name":"Randall Williams","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","caption":"Randall Williams"},"sameAs":["https:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams"}]}},"text_date":"October 25, 2022","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/administration\/administration\/arcgis-server-security-2022-update-1-patch","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Enterprise","tag_data":[{"term_id":23591,"name":"ArcGIS Server","slug":"arcgis-server","term_group":0,"term_taxonomy_id":23591,"taxonomy":"post_tag","description":"","parent":0,"count":53,"filter":"raw"},{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":33,"filter":"raw"},{"term_id":30141,"name":"security patch","slug":"security-patch","term_group":0,"term_taxonomy_id":30141,"taxonomy":"post_tag","description":"","parent":0,"count":20,"filter":"raw"},{"term_id":241722,"name":"SSAMLYMLGP","slug":"ssamlymlgp","term_group":0,"term_taxonomy_id":241722,"taxonomy":"post_tag","description":"","parent":0,"count":25,"filter":"raw"},{"term_id":35281,"name":"vulnerability","slug":"vulnerability","term_group":0,"term_taxonomy_id":35281,"taxonomy":"post_tag","description":"","parent":0,"count":8,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":438,"filter":"raw"}],"product_data":[{"term_id":36571,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":36571,"taxonomy":"product","description":"","parent":0,"count":1006,"filter":"raw"},{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":91,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=arcgis-enterprise","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1701122","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/5311"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=1701122"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1701122\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=1701122"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=1701122"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=1701122"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=1701122"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=1701122"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}