Category: Security

Posts about security, privacy and compliance for Trust.arcgis.com.

Does the Bash (Shellshock) Vulnerability affect you?

SecReview

On September 24, 2014, a security vulnerability was revealed affecting the standard bash login shell which is broadly deployed and used on Linux hosts. If you were wondering if ArcGIS Server, ArcGIS Online, and Portal for ArcGIS application interfaces are … Continue reading

Posted in Security | Tagged , , | Leave a comment

ArcGIS for Server Security Patch (10.1 SP1 QIP, 10.2.1, 10.2.2)

secpatch

Esri has released a security patch to address vulnerabilities found in ArcGIS for Server. Esri recommends that this patch be applied immediately. Service packs must be applied first before the patch Vulnerability Details:   NIM102197 – ArcGIS for Server allows unauthorized access to some resources from secured services - (CWE-285) Some resources … Continue reading

Posted in Security | Tagged , , | 11 Comments

ArcGIS Web Adaptor for IIS Security Patch (10.1 SP1, 10.2.1, 10.2.2)

secpatch

Esri has released a security patch to address serious vulnerabilities in the web adaptor for IIS and the patch should be applied immediately. The Web Adaptor for the Java platform is unaffected by these vulnerabilities. Vulnerability Details:  NIM102891 – ArcGIS Web Adaptor on IIS does not enforce authorization on … Continue reading

Posted in Security | Tagged , , | 1 Comment

ArcGIS Online Achieves FISMA Security Accreditation

FISMA

On June 6th, 2014, the United States Department of Agriculture (USDA) granted a Federal Information Security Management Act (FISMA) Low Authority to Operate (ATO) for ArcGIS Online.  This process ensures that ArcGIS Online passed a rigorous security control review to … Continue reading

Posted in Security | Tagged , , | Leave a comment