Andrew Salazar

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS versions 11.0 and below **Description** The issue allows a remote, authenticated attacker to create a crafted link that, when clicked, could render arbitrary HTML in the victim’s browser. This does not result in any stateful change or the rendering of customer data. **Recommendations** For Esri Portal for ArcGIS versions 11.0 and below, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Esri Portal for ArcGIS versions 11.0 and below **Description** The issue is a cross-site-request forgery vulnerability that may allow an attacker to trick an authorized user into executing unwanted actions. **Recommendations** For Esri Portal for ArcGIS versions 11.0 and below, update to a version above 11.0 to resolve the issue. As a temporary workaround, consider implementing additional security measures to prevent cross-site request forgery attacks until a patch is available.