{"id":2056962,"date":"2023-08-18T18:04:04","date_gmt":"2023-08-19T01:04:04","guid":{"rendered":"https:\/\/www.esri.com\/arcgis-blog\/?post_type=blog&#038;p=2056962"},"modified":"2024-05-13T08:11:24","modified_gmt":"2024-05-13T15:11:24","slug":"arcgis-server-map-and-feature-service-security-2023-update-1-patch","status":"publish","type":"blog","link":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","title":{"rendered":"ArcGIS Server Map and Feature Service Security 2023 Update 1"},"author":136891,"featured_media":0,"parent":0,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","format":"standard","meta":{"_acf_changed":false,"_searchwp_excluded":""},"categories":[37501],"tags":[24081,759222,24071,241722],"industry":[],"product":[763582],"class_list":["post-2056962","blog","type-blog","status-publish","format-standard","hentry","category-administration","tag-ssamymlgp","tag-cve","tag-security","tag-ssamlymlgp","product-trust-arcgis"],"acf":{"authors":[{"ID":136891,"user_firstname":"Mark","user_lastname":"Bierman","nickname":"Mark Bierman","user_nicename":"mbierman","display_name":"Mark Bierman","user_email":"MBierman@esri.com","user_url":"","user_registered":"2020-12-08 21:10:04","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":5311,"user_firstname":"Randall","user_lastname":"Williams","nickname":"Randall Williams","user_nicename":"randallwilliams","display_name":"Randall Williams","user_email":"randall_williams@esri.com","user_url":"https:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:17:03","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/08\/softwaresecurity.png' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"},{"ID":3911,"user_firstname":"Michael","user_lastname":"Young","nickname":"Michael Young","user_nicename":"myoung1000","display_name":"Michael Young","user_email":"myoung@esri.com","user_url":"http:\/\/trust.arcgis.com","user_registered":"2018-03-02 00:15:29","user_description":"","user_avatar":"<img data-del=\"avatar\" src='https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/12\/SSP-213x200.jpg' class='avatar pp-user-avatar avatar-96 photo ' height='96' width='96'\/>"}],"short_description":"The ArcGIS Server Map and Feature Service Security 2023 Update 1 Patch is now available","flexible_content":[{"acf_fc_layout":"content","content":"<p>The ArcGIS Server Map and Feature Service Security 2023 Update 1 Patch is now avaialble. This patch contains a fix for one Medium Severity Security vulnerability,\u00a0 as well as fixes for other non-security related bugs. \u00a0Esri highly recommends customers using ArcGIS Enterprise 10.8.1 through ArcGIS 11.1 install this patch. Users with older versions under mature support should upgrade to ArcGIS Enterprise 11.1 and then install this patch.<\/p>\n<p>This patch was released on 8\/22\/2023 and is available <a href=\"https:\/\/support.esri.com\/en-us\/patches-updates\/2023\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\"><em>here<\/em><\/a>.<\/p>\n<p>&nbsp;<\/p>\n"},{"acf_fc_layout":"sidebar","content":"<h3><strong>Key highlights<\/strong><\/h3>\n<ul>\n<li>Esri has released the ArcGIS Server Map and Feature Service Security 2023 Update 1 Patch<\/li>\n<li>This path should be applied to each machine running ArcGIS Server (Windows or Linux).<\/li>\n<li>Users and System administrators: \u00a0Take the time to install these patches at your earliest opportunity to address these vulnerabilities.<\/li>\n<li>We provide Common Vulnerability Scoring System v.3.1 (CVSS) scores to allow our customers to better assess the risk of these vulnerabilities to their operations.\n<ul>\n<li>Both CVSS base and modified temporal scores are provided to reflect the availability of an official patch.<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n","image_reference":false,"layout":"standard","image_reference_figure":"","snippet":"","spotlight_name":"","section_title":"","position":"Center","spotlight_image":false},{"acf_fc_layout":"content","content":"<p>Vulnerabilities fixed by this patch.<\/p>\n<p>CVE-2023-25848: There is an information disclosure issue in ArcGIS Server.<\/p>\n<p>ArcGIS Enterprise Server versions 11.0 and below have an information disclosure vulnerability where a remote, unauthorized attacker may submit a crafted query that may result in a low severity information disclosure issue.<br \/>\nThe information disclosed is limited to a single attribute in a database connection string. No business data is disclosed.<\/p>\n<p>Impact: Information Disclosure<br \/>\n<a href=\"https:\/\/www.first.org\/cvss\/calculator\/3.1#CVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N\/E:P\/RL:O\/RC:C\">CVSSv31: \/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N\/E:P\/RL:O\/RC:C<\/a> 4.8 (Moderate)<br \/>\nExploit Code Maturity: Proof of Concept<br \/>\nRemediation Level: Official Fix<br \/>\nReport Confidence: Confirmed<\/p>\n<p><a href=\"https:\/\/cwe.mitre.org\/data\/definitions\/89.html\">CWE-89\u00a0<\/a> \u2013 Improper Neutralization of Special Elements used in an SQL Command (&#8216;SQL Injection&#8217;)<\/p>\n<p><span class=\"ui-provider bgi bgj bgk bgl bgm bgn bgo bgp bgq bgr bgs bgt bgu bgv bgw bgx bgy bgz bha bhb bhc bhd bhe bhf bhg bhh bhi bhj bhk bhl bhm bhn bho bhp bhq\" dir=\"ltr\">Mitigation: secure the web service.<\/span><\/p>\n<p>&nbsp;<\/p>\n"}],"related_articles":"","card_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2021\/05\/SA-Server.gif","wide_image":false},"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v25.9 (Yoast SEO v25.9) - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>ArcGIS Server Map and Feature Service Security 2023 Update 1<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"ArcGIS Server Map and Feature Service Security 2023 Update 1\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\" \/>\n<meta property=\"og:site_name\" content=\"ArcGIS Blog\" \/>\n<meta property=\"article:publisher\" content=\"https:\/\/www.facebook.com\/esrigis\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-05-13T15:11:24+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:site\" content=\"@ESRI\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":[\"Article\",\"BlogPosting\"],\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\"},\"author\":{\"name\":\"Mark Bierman\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed\"},\"headline\":\"ArcGIS Server Map and Feature Service Security 2023 Update 1\",\"datePublished\":\"2023-08-19T01:04:04+00:00\",\"dateModified\":\"2024-05-13T15:11:24+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\"},\"wordCount\":8,\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"keywords\":[\"ArcGIS Trust Center\",\"CVE\",\"Security\",\"SSAMLYMLGP\"],\"articleSection\":[\"Administration\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\",\"name\":\"ArcGIS Server Map and Feature Service Security 2023 Update 1\",\"isPartOf\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\"},\"datePublished\":\"2023-08-19T01:04:04+00:00\",\"dateModified\":\"2024-05-13T15:11:24+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.esri.com\/arcgis-blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"ArcGIS Server Map and Feature Service Security 2023 Update 1\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#website\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"name\":\"ArcGIS Blog\",\"description\":\"Get insider info from Esri product teams\",\"publisher\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#organization\",\"name\":\"Esri\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png\",\"width\":400,\"height\":400,\"caption\":\"Esri\"},\"image\":{\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/\"},\"sameAs\":[\"https:\/\/www.facebook.com\/esrigis\/\",\"https:\/\/x.com\/ESRI\",\"https:\/\/www.linkedin.com\/company\/5311\/\"]},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed\",\"name\":\"Mark Bierman\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png\",\"contentUrl\":\"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png\",\"caption\":\"Mark Bierman\"},\"url\":\"\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"ArcGIS Server Map and Feature Service Security 2023 Update 1","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","og_locale":"en_US","og_type":"article","og_title":"ArcGIS Server Map and Feature Service Security 2023 Update 1","og_url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","og_site_name":"ArcGIS Blog","article_publisher":"https:\/\/www.facebook.com\/esrigis\/","article_modified_time":"2024-05-13T15:11:24+00:00","twitter_card":"summary_large_image","twitter_site":"@ESRI","twitter_misc":{"Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":["Article","BlogPosting"],"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#article","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch"},"author":{"name":"Mark Bierman","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed"},"headline":"ArcGIS Server Map and Feature Service Security 2023 Update 1","datePublished":"2023-08-19T01:04:04+00:00","dateModified":"2024-05-13T15:11:24+00:00","mainEntityOfPage":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch"},"wordCount":8,"publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"keywords":["ArcGIS Trust Center","CVE","Security","SSAMLYMLGP"],"articleSection":["Administration"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","url":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","name":"ArcGIS Server Map and Feature Service Security 2023 Update 1","isPartOf":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#website"},"datePublished":"2023-08-19T01:04:04+00:00","dateModified":"2024-05-13T15:11:24+00:00","breadcrumb":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.esri.com\/arcgis-blog\/"},{"@type":"ListItem","position":2,"name":"ArcGIS Server Map and Feature Service Security 2023 Update 1"}]},{"@type":"WebSite","@id":"https:\/\/www.esri.com\/arcgis-blog\/#website","url":"https:\/\/www.esri.com\/arcgis-blog\/","name":"ArcGIS Blog","description":"Get insider info from Esri product teams","publisher":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.esri.com\/arcgis-blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.esri.com\/arcgis-blog\/#organization","name":"Esri","url":"https:\/\/www.esri.com\/arcgis-blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2018\/04\/Esri.png","width":400,"height":400,"caption":"Esri"},"image":{"@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/www.facebook.com\/esrigis\/","https:\/\/x.com\/ESRI","https:\/\/www.linkedin.com\/company\/5311\/"]},{"@type":"Person","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/928a9a9a1a21dc0cf370b54b135e73ed","name":"Mark Bierman","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.esri.com\/arcgis-blog\/#\/schema\/person\/image\/","url":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png","contentUrl":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2023\/06\/softwaresecurity-213x200.png","caption":"Mark Bierman"},"url":""}]}},"text_date":"August 18, 2023","author_name":"Multiple Authors","author_page":"https:\/\/www.esri.com\/arcgis-blog\/products\/trust-arcgis\/administration\/arcgis-server-map-and-feature-service-security-2023-update-1-patch","custom_image":"https:\/\/www.esri.com\/arcgis-blog\/app\/uploads\/2025\/08\/Newsroom-Keyart-Wide-1920-x-1080.jpg","primary_product":"ArcGIS Trust Center","tag_data":[{"term_id":24081,"name":"ArcGIS Trust Center","slug":"ssamymlgp","term_group":0,"term_taxonomy_id":24081,"taxonomy":"post_tag","description":"","parent":0,"count":96,"filter":"raw"},{"term_id":759222,"name":"CVE","slug":"cve","term_group":0,"term_taxonomy_id":759222,"taxonomy":"post_tag","description":"","parent":0,"count":32,"filter":"raw"},{"term_id":24071,"name":"Security","slug":"security","term_group":0,"term_taxonomy_id":24071,"taxonomy":"post_tag","description":"","parent":0,"count":126,"filter":"raw"},{"term_id":241722,"name":"SSAMLYMLGP","slug":"ssamlymlgp","term_group":0,"term_taxonomy_id":241722,"taxonomy":"post_tag","description":"","parent":0,"count":25,"filter":"raw"}],"category_data":[{"term_id":37501,"name":"Administration","slug":"administration","term_group":0,"term_taxonomy_id":37501,"taxonomy":"category","description":"","parent":0,"count":427,"filter":"raw"}],"product_data":[{"term_id":763582,"name":"ArcGIS Trust Center","slug":"trust-arcgis","term_group":0,"term_taxonomy_id":763582,"taxonomy":"product","description":"Reserved for articles authored by the ArcGIS Trust Center team","parent":36981,"count":89,"filter":"raw"}],"primary_product_link":"https:\/\/www.esri.com\/arcgis-blog\/?s=#&products=trust-arcgis","_links":{"self":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2056962","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog"}],"about":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/types\/blog"}],"author":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/users\/136891"}],"replies":[{"embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/comments?post=2056962"}],"version-history":[{"count":0,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/blog\/2056962\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/media?parent=2056962"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/categories?post=2056962"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/tags?post=2056962"},{"taxonomy":"industry","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/industry?post=2056962"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.esri.com\/arcgis-blog\/wp-json\/wp\/v2\/product?post=2056962"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}