{"id":1806192,"date":"2022-12-29T10:53:24","date_gmt":"2022-12-29T18:53:24","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=1806192"},"modified":"2025-01-15T11:04:16","modified_gmt":"2025-01-15T19:04:16","slug":"portal-for-arcgis-security-2022-update-2-patch-is-now-available","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","title":{"rendered":"Portal for ArcGIS Security 2022 Update 2 Patch is now available"},"author":5311,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[42301,759222,30141,241722],"industry":[],"product":[763582],"class_list":["post-1806192","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-arcgis-enterprise","tag-cve","tag-security-patch","tag-ssamlymlgp","product-trust-arcgis"],"acf":{"short_description":"Esri has released the Portal for ArcGIS Security 2022 Update 2 Patch that resolves multiple high and medium severity security vulnerabilities.","flexible_content":[{"acf_fc_layout":"content","content":"<p>Esri has released the Portal for ArcGIS Security 2022 Update 2 Patch that resolves multiple high and medium severity security vulnerabilities across versions 11.0, 10.9.1, 10.8.1, and 10.7.1.<\/p>\n<p>This patch was released on 12\/5\/2022 and is available <em><a href=\"https:\/\/support.esri.com\/en\/download\/8070\" aria-describedby=\"new-window\">here<\/a><\/em><em>.<\/em><\/p>\n<p><em>\u00a0<\/em>We provide\u00a0<a href=\"https:\/\/www.first.org\/cvss\/v3.1\/user-guide\" aria-describedby=\"new-window\">Common Vulnerability Scoring System v.3.1 (CVSS)<\/a>\u00a0scores to allow our customers to better assess risk of these vulnerabilities to their operations.\u00a0 Both base and modified temporal scores are provided to reflect the availability of an official patch.<\/p>\n"},{"acf_fc_layout":"sidebar","content":"<p><strong>Key Highlights<\/strong><\/p>\n<ul>\n<li>The Portal for ArcGIS Security 2022 Update 2 Patch is now available for versions 11.0, 10.9,1 10.8.1, and 10.7.1.<\/li>\n<li>System administrators: take the time to install this patch at your earliest opportunity to address high and medium severity vulnerabilities.<\/li>\n<li>The 11.0 version of this patch includes a resolution for\u00a0<a href=\"https:\/\/support.esri.com\/en\/bugs\/nimbus\/QlVHLTAwMDE1Mjg4OA==\">BUG-000152888<\/a>\u00a0which addresses a failure when upgrading to version 11.0.\n<ul>\n<li>To realize the benefit of the resolution for\u00a0<a href=\"https:\/\/support.esri.com\/en\/bugs\/nimbus\/QlVHLTAwMDE1Mjg4OA==\">BUG-000152888<\/a>, you must apply this patch after the installation of Portal for ArcGIS 11.0 is complete but before running the Continue Portal Upgrade process.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Right","spotlight_image":false},{"acf_fc_layout":"content","content":"<h2><strong>Vulnerabilities fixed by this patch<\/strong><\/h2>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38205\">CVE-2022-38205\u00a0<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/23.html\" aria-describedby=\"new-window\"><strong>CWE-23<\/strong><\/a><\/h3>\n<p>In some non-default installations of Esri Portal for ArcGIS versions 10.9.1 and below, a directory traversal issue may allow a remote, unauthenticated attacker to traverse the file system and lead to the disclosure of sensitive data (not customer-published content).<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>8.6 Base Score, 8.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:C\/C:H\/I:N\/A:N\/RL:O\/RC:C<\/li>\n<li><strong>Mitigations:\u00a0<\/strong>Installations using default installation paths are unaffected<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000148810<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38203\">CVE-2022-38203<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/918.html\" aria-describedby=\"new-window\"><strong>CWE-918<\/strong><\/a><\/h3>\n<p>Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38212.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.5 Base Score, 7.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N\/RL:O\/RC:C<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000143641<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38211\">CVE-2022-38211<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/918.html\" aria-describedby=\"new-window\"><strong>CWE-918<\/strong><\/a><\/h3>\n<p>Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38212 and CVE-2022-38203.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.5 Base Score, 7.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N\/RL:O\/RC:C<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000143573<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38212\">CVE-2022-38212<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/918.html\" aria-describedby=\"new-window\"><strong>CWE-918<\/strong><\/a><\/h3>\n<p>Protections against potential Server-Side Request Forgery (SSRF) vulnerabilities in Esri Portal for ArcGIS versions 10.8.1 and below were not fully honored and may allow a remote, unauthenticated attacker to forge requests to arbitrary URLs from the system, potentially leading to network enumeration or reading from hosts inside the network perimeter, a different issue than CVE-2022-38211 and CVE-2022-38203.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>7.5 Base Score, 7.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:H\/I:N\/A:N\/RL:O\/RC:C<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000130783<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38204\">CVE-2022-38204<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/h3>\n<p>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000141886<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38206\">CVE-2022-38206<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/h3>\n<p>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000151892<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38207\">CVE-2022-38207<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/h3>\n<p>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.8.1 and 10.7.1 which may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: BUG-000136210<\/strong><\/p>\n<p>&nbsp;<\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38209\">CVE-2022-38209<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/h3>\n<p>There is a reflected XSS vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could potentially execute arbitrary JavaScript code in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000152437<\/strong><\/p>\n<p><strong>\u00a0<\/strong><\/p>\n<h3><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38210\">CVE-2022-38210<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/601.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/h3>\n<p>There is a reflected HTML injection vulnerability in Esri Portal for ArcGIS versions 10.9.1 and below that may allow a remote, unauthenticated attacker to create a crafted link which when clicked could render arbitrary HTML in the victim\u2019s browser.<\/p>\n<p><strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID: BUG-000148008<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p><strong><a href=\"https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38210\">CVE-2022-38208<\/a>\u2013\u00a0<\/strong><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/79.html\" aria-describedby=\"new-window\"><strong>CWE-79<\/strong><\/a><\/p>\n<p>There is an unvalidated redirect vulnerability in Esri Portal for ArcGIS 11.0 and below that may allow a remote, unauthenticated attacker to craft a URL that could redirect a victim to an arbitrary website, simplying phishing attacks. <strong>CVSS Details:<\/strong><\/p>\n<ul>\n<li>6.1 Base Score, 5.2 Temporal Score<\/li>\n<li>Remediation Level: Official Fix Available<\/li>\n<li>Report Confidence: Confirmed by Esri<\/li>\n<li>#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:R\/S:C\/C:L\/I:L\/A:N\/RL:O\/MPR:L\/MAV:A<\/li>\n<\/ul>\n<p><strong>Esri Bug ID:\u00a0BUG-000152035<\/strong><\/p>\n"}],"related_articles":"","authors":[{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/07\/SA-Portal.gif","wide_image":false,"show_article_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>Portal for ArcGIS Security 2022 Update 2 Patch is now available<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Portal for ArcGIS Security 2022 Update 2 Patch is now available\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2025-01-15T19:04:16+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\"},\"author\":{\"name\":\"Randall Williams\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\"},\"headline\":\"Portal for ArcGIS Security 2022 Update 2 Patch is now available\",\"datePublished\":\"2022-12-29T18:53:24+00:00\",\"dateModified\":\"2025-01-15T19:04:16+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\"},\"wordCount\":9,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Enterprise\",\"CVE\",\"security patch\",\"SSAMLYMLGP\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\",\"name\":\"Portal for ArcGIS Security 2022 Update 2 Patch is now available\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2022-12-29T18:53:24+00:00\",\"dateModified\":\"2025-01-15T19:04:16+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Portal for ArcGIS Security 2022 Update 2 Patch is now available\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959\",\"name\":\"Randall Williams\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png\",\"caption\":\"Randall Williams\"},\"sameAs\":[\"https:\/\/trust.arcgis.com\"],\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"Portal for ArcGIS Security 2022 Update 2 Patch is now available","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","og_locale":"en_US","og_type":"article","og_title":"Portal for ArcGIS Security 2022 Update 2 Patch is now available","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2025-01-15T19:04:16+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available"},"author":{"name":"Randall Williams","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959"},"headline":"Portal for ArcGIS Security 2022 Update 2 Patch is now available","datePublished":"2022-12-29T18:53:24+00:00","dateModified":"2025-01-15T19:04:16+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available"},"wordCount":9,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Enterprise","CVE","security patch","SSAMLYMLGP"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","name":"Portal for ArcGIS Security 2022 Update 2 Patch is now available","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2022-12-29T18:53:24+00:00","dateModified":"2025-01-15T19:04:16+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"Portal for ArcGIS Security 2022 Update 2 Patch is now available"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/6257d65f342fee9c48e7f16f9a428959","name":"Randall Williams","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png","caption":"Randall Williams"},"sameAs":["https:\/\/trust.arcgis.com"],"url":"https:\/\/www.esri.com\/arcgis-blog\/author\/randallwilliams"}]}},"text_date":"December 29, 2022","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/portal-for-arcgis-security-2022-update-2-patch-is-now-available","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Trust Center","tag_data":[{"term_id":42301,"name":"ArcGIS Enterprise","slug":"arcgis-enterprise","term_group":0,"term_taxonomy_id":42301,"taxonomy":"post_tag","description":"","parent":0,"count":209,"filter":"raw"},{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":32,"filter":"raw"},{"term_id":30141,"name":"security patch","slug":"security-patch","term_group":0,"term_taxonomy_id":30141,"taxonomy":"post_tag","description":"","parent":0,"count":20,"filter":"raw"},{"term_id":241722,"name":"SSAMLYMLGP","slug":"ssamlymlgp","term_group":0,"term_taxonomy_id":241722,"taxonomy":"post_tag","description":"","parent":0,"count":25,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":427,"filter":"raw"}],"product_data":[{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":89,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=trust-arcgis","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1806192","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/5311"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=1806192"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/1806192\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=1806192"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=1806192"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=1806192"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=1806192"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=1806192"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}