4 June 2020
Esri has announced that it has detected a critical security vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise. When special steps are taken by persons with network access to the ArcGIS Enterprise portal, Server-Side Request Forgery (SSRF) can be exploited, which can result in unauthenticated persons gaining access to and control over other infrastructure resources.
This can affect deployments running in Amazon Web Services (AWS) in particular, which makes the issue especially urgent for those deployments.
This security issue affects all supported versions prior to ArcGIS Enterprise 10.8 on both Windows and Linux operating systems.
What you need to do
Esri has released patches for versions of ArcGIS Enterprise from 10.5 through to 10.7.1.
Esri strongly recommends installing the Portal for ArcGIS Security 2020 Update 1 Patch at your earliest opportunity. ArcGIS Enterprise 10.8 already contains these fixes and is not affected.
Esri has published the following blog post and Knowledge Base article relating to this issue:
- KB Article: Problem: Warning of security vulnerability in ArcGIS Enterprise
- Blog: Critical Security Patch for ArcGIS Enterprise portal Released
If you have any questions or concerns, please contact your local Esri distributor’s support team (for Esri Australia clients, use My Esri, email@example.com, call 1800 447 111, or book a consultation with a technical specialist). For any email requests, please add “Portal for ArcGIS Security Patch June 2020” to the subject line so that it can be addressed.
Since May of this year, when I demonstrated a very early version of the new Insights for ArcGIS product at the Directions LIVE events Esri Australia staged around the country, it has been the topic of many conversations I have had – both internally and with customers.
Everyone is keen to understand where Insights fits into the ArcGIS platform, and where it sits in relation to other similar products in the broader market.
There’s a buzz about this that I haven’t witnessed for some time in Esri circles, and I’ve got to say – it’s infectious. For me personally, Insights, and the GeoAnalytics Server that is also in the pipeline for ArcGIS 10.5, stand to be highlights of my work over the next year or so.
I’d like to share my early thoughts on Insights, and I hope that leaves you curious enough to find out more.
While delivering Arc 2: Essential Workflows, I was enthusiastically describing the wonders and practical uses of the search widget in the Web App Builder for ArcGIS Online or Portal and the capability it has to search content within your feature layers. When I asked my students, “which widget should I use?”, some referred to the functionality of the query widget which I had previously demonstrated, while others preferred the power of a search widget. Hopefully by the end of this post you will be well placed to make an informed decision as to whether you should use and configure a query or search widget for your web apps in ArcGIS Online or Portal.
Last episode galactic federation had stopped with the one server but there is still more to explore in the box. We have seen our ArcGIS for Server published from and managed by both ArcGIS Desktop and Server Manager in a browser and used from various Portal for ArcGIS clients. It was noted that we also chose a federated server to act as our portal’s hosting server.
With Space to spare in the box, what Relatively new discoveries And functions can we explore this Time by adding In the extra Dimension of a hosting server?
Last episode we got as far as creating a map service to view a few of the nearby places Doctor Who has been seen but it is now time to find out what galactic federation has taken control of our ArcGIS Server security.
Knowing my server box was a lot bigger on the inside, I decided, when Portal for ArcGIS was installed, to give its Web Adaptor the name ‘portal’, as I wanted to leave the more familiar ‘arcgis’ application name for the ArcGIS Server which was also installed.
In this series of blogs we will explore some ArcGIS Server functionality. The first four episodes cover:
- Using interoperability and Portal for ArcGIS
- Federating an ArcGIS Server site with Portal
- Using a Portal hosted server
- Configuring and using Geoportal Server
To set the scene we are going to use a box (server) which is a lot bigger on the inside than what it initially seems. This server has the following installed initially:
We start by taking off from those that have gone before: we have located a source of his travels at Doctor Who Locations, which has kindly provided a place to start via a KML file (an open XML format now looked after by the OGC), available at http://www.doctorwholocations.net/downloads/format?type=kml. As the Doctor gets around a bit, we are initially not going to serve up a copy of his locations but reference the original.