Security Patch for ArcGIS Enterprise Sites Builder 10.8.1

A moderate priority Cross Site Scripting (XSS) vulnerability has been discovered in ArcGIS Enterprise Sites Builder version 10.8.1.  

This is a moderate priority issue with a CVSSv3: 6.8. 

https://www.first.org/cvss/calculator/3.0#CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H 

Esri recommends all ArcGIS Enterprise administrators install this patch by using the ArcGIS Enterprise “Patch Notification” tool or by downloading the appropriate patch for your ArcGIS Enterprise site from https://support.esri.com/en/download/7836. 

Be sure to subscribe to the RSS feed on the ArcGIS Trust Center for timely notifications regarding trends and issues related to security issues that impact the ArcGIS Platform. 

References:

Check for and install software patches and updates 

https://enterprise.arcgis.com/en/server/latest/administer/windows/check-for-software-patches-and-updates.htm 

How To: Schedule Automatic Updates for ArcGIS Enterprise 

https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/howto-schedule-automatic-updates-for-arcgis-enterprise/ 

Security Update Statement 

https://trust.arcgis.com/en/security/security-overview.htm#ESRI_SECTION1_A4C20198BF974A82AA2AF490F84451C4 

• Esri Software Security and Privacy Team