Matt Lorrain

Security Architect at Esri

Recent Posts

License Manager Security Update

ArcGIS License Manager is built with a third-party software component called Flexera FlexNet Publisher. A CVE (CVE-2015-8277) was recently released detailing buffer overflow vulnerabilities in Flexera FlexNet Publisher. Esri is providing ArcGIS 10.4 License Manager to resolve these Flexera-based vulnerabilities.

Posted in ArcGIS Enterprise, Security

Esri Managed Cloud Services (EMCS) achieves FedRAMP Moderate compliance


On January 29th, 2015, Esri Managed Cloud Services (EMCS) achieved FedRAMP Moderate compliance. This milestone provides assurance to customers that EMCS aligns with the latest rigorous security controls required for cloud systems at the moderate impact level (specifically FedRAMP …

Posted in Security

ArcGIS for Server Security Patch (10.1 SP1 QIP, 10.2.1, 10.2.2)


Esri has released a security patch to address vulnerabilities found in ArcGIS for Server. Esri recommends that this patch be applied immediately. Service packs must be applied before the patch. Vulnerability Details: NIM102197 – ArcGIS for Server allows unauthorized access to some resources from secured services (CWE-285). Some resources …

Posted in Security

ArcGIS Web Adaptor for IIS Security Patch (10.1 SP1, 10.2.1, 10.2.2)


Esri has released a security patch to address serious vulnerabilities in the Web Adaptor for IIS; the patch should be applied immediately. The Web Adaptor for the Java platform is unaffected by these vulnerabilities. Vulnerability Details: NIM102891 – ArcGIS Web Adaptor on IIS does not enforce authorization on …

Posted in Security