[gis_info] FW: Esri Software Alert: Security Issue in ArcGIS Server

MATHER David * DAS David.MATHER at oregon.gov
Mon May 14 11:57:15 PDT 2018 

FYI for those with ArcGIS Server.

=============================
David Mather, GISP
Geospatial Data Administrator
Geospatial Enterprise Office
Office of the State CIO
635 Capitol st NE # 150
Salem, OR 97301
503-378-2166
gis.oregon.gov
=============================
Data Classification: Level 1 - Published


From: Esri [mailto:newsletter at esri.com]
Sent: Monday, May 14, 2018 10:49 AM
To: david.mather at state.or.us
Subject: Esri Software Alert: Security Issue in ArcGIS Server

Critical Patch Released

[Esri | The Science of Where]

View email in web browser<https://go.esri.com/webmail/82202/557023028/0ec2d4395583997389b5ce975eb6a525>



Security Issue in ArcGIS Server

Esri has discovered a critical vulnerability in ArcGIS Server causing improper access control validation when specially crafted requests are sent to the server. This results in secured services and their data to be exposed to users when they should not otherwise have access.

This security issue affects all supported versions of ArcGIS Server on both Windows and Linux. As an ArcGIS Enterprise customer, we are personally notifying you about this security vulnerability in addition to regular online notifications on our blog and security site at Trust.ArcGIS.com<https://go.esri.com/e/82202/2018-05-14/kx1cq5/557023028>.

What You Need to Do
Patches for all versions of ArcGIS Server from 10.2.1 through 10.6 have been released. Esri strongly recommends installing the relevant patch at your earliest possible opportunity.

All patches can be downloaded from the Esri Support website<https://go.esri.com/e/82202/rver-Enterprise-Software-Alert/kx1cpp/557023028>.

More Information
For more details, please refer to the Knowledge Base article, Problem: Warning of security vulnerability in ArcGIS Server<https://go.esri.com/e/82202/rver-Enterprise-Software-Alert/kx1cpr/557023028>.

We also encourage you to subscribe to the RSS feed on Trust.ArcGIS.com<https://go.esri.com/e/82202/2018-05-14/kx1cq5/557023028> for future updates on this and other security issues.


You received this due to your interest in Esri subscriptions.
Update<https://go.esri.com/preferences?ehash=0ec2d4395583997389b5ce975eb6a525&email_id=557023028> your subscription preferences.
Esri.com<https://go.esri.com/e/82202/2018-05-14/kx1cq7/557023028> | Privacy<https://go.esri.com/e/82202/rver-Enterprise-Software-Alert/kx1cq9/557023028> | Contact Us<https://go.esri.com/e/82202/rver-Enterprise-Software-Alert/kx1cqc/557023028>
Copyright © 2018 Esri. All rights reserved.
Esri, 380 New York Street, Redlands, CA 92373, USA.


[Facebook]<https://go.esri.com/e/82202/esrigis/kx1cpt/557023028>[Instagram]<https://go.esri.com/e/82202/esrigram-/kx1cpw/557023028>[LinkedIn]<https://go.esri.com/e/82202/company-esri/kx1cpy/557023028>[Twitter]<https://go.esri.com/e/82202/esri/kx1cq1/557023028>[Google+]<https://go.esri.com/e/82202/esri-posts/kx1cq3/557023028>






[https://go.esri.com/r/82202/1/557023028/open/1]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/gis_info/attachments/20180514/f88279cb/attachment.html>

More information about the gis_info mailing list