Select to view content in your preferred language

Does the Fix for CVE-2022-38023 affect any ArcGIS Enterprise products

07-05-2023 01:26 PM
Occasional Contributor III

Hello, Our servers are being patched with the fix to CVE-2022-38023. The fix is a phased approach, where the latest fix still allows a compatibility mode to be enabled so everything works like before, however the next update will not have this option and I would like to know if that version will affect the operation of our ArcGIS Enterprise (Server, Portal, Data store, etc).

It looks like it only affects domain controllers, however our Portal and one of our GIS sites uses Windows for the identity store. It seems like for this setup, the software connects to domain controllers for this information.

I am concerned about this because there were some issues reported about the GIS Servers by users around the time of the last patch, then our System Engineers enabled the compatibility mode and things seemed to return to normal. The next time, we will not have the compatibility mode option, so I'd like to be prepared when that patch is installed.

0 Kudos
0 Replies