Software Maintenance Ahead

Important ArcGIS Server Security Alert

News by COSOL /

Esri has announced that they have discovered a critical security vulnerability in ArcGIS Server when specially constructed steps are taken by persons with network access to the ArcGIS deployment to exploit Server-Side Request Forgery (SSRF), which can potentially be used to obtain access to sensitive internal system information by unauthorized individuals.

This issue is present in versions 10.4 – 10.7.1 of ArcGIS for Server, on both Windows and Linux operating systems. Esri has released patches for these versions of ArcGIS for Server here. ArcGIS Server 10.8 is unaffected by this issue.

Esri have published the following Blog and Knowledge Base article relating to this issue:

Critical Security patch for ArcGIS Server Released.

Problem: Warning of security vulnerability in ArcGIS Server

COSOL strongly recommends installing the relevant patch at your earliest possible opportunity and will be contacting all impacted clients directly to discuss your options. All patches can be downloaded from the Esri Support website:

ArcGIS Server Security 2020 Update 1 Patch.

ArcGIS Server Patching

Talk to COSOL's GIS specialists for support and assistance.