The Portal for ArcGIS 10.8.1 Home Application Patch is now live on the support site. This patch includes fixes for two moderate priority security issues.
Note: The Portal for ArcGIS 10.8.1 Home Application Patch is superseded by the Portal for ArcGIS Security 2021 Update 1 Patch.
The URL to download this patch is:
https://support.esri.com/en/download/7899
Summary
Esri highly recommends installing this patch to addressing the usability issues mentioned in the patch release summary page. In addition to fixes for those usability issues, this patch provides fixes for two moderate priority security vulnerabilities. These are:
BUG-000134926 – Unvalidated redirect issue in the ArcGIS Enterprise portal sign in page
- CVSS 3.1 Base Score: 6.1 – MODERATE CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
BUG-000131991 – Reflected cross-site scripting (XSS) in the home application
- CVSS 3.1 Base Score: 6.1 – MODERATE CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Patches for these issues will be released for Portal for ArcGIS versions 10.5.1, 10.6.1, and 10.7.1 are upcoming. This blog will be updated when those patches are available.
Esri recommends that customers using Portal for ArcGIS 10.8.1 apply this patch in accordance with their organization’s timelines for addressing moderate security issues.
Article Discussion: