To avoid conflicts on 10.9.1 this patch also addresses: BUG-000144906 - Unable to save a generated domain list or delete an existing domain list in Portal for ArcGIS.BUG-000152121 - Directory traversal vulnerability in ArcGIS Server.These vulnerability details are provided in the patch advisory found here.
Both base and modified temporal scores are provided to reflect the availability of a patch. Important Note: One of the defect included with this patch, BUG-000152121, is also addressed for versions 10.9 and 11.0 in the ArcGIS Server Directory Traversal Vulnerability Patch.Įsri has registered CVEs (Common Vulnerabilities and Exposures) and provided base and temporally adjusted Common Vulnerability Scoring System v3.1 (CVSS) scores for these issues to allow our customers to better assess risk of these vulnerabilities to their operations. This security patch is cumulative and includes several security and non-security related fixes from earlier patches that are also listed below under Issues Addressed with this Patch. This patch deals specifically with the issues listed below under Issues Addressed with this patch. Esri recommends that all customers using ArcGIS Server 10.9.1, 10.8.1 and 10.7.1 apply this patch. Esri® announces the ArcGIS Server Security 2022 Update 2 Patch.
