Esri ArcGIS Enterprise Portal for ArcGIS组件XXE漏洞

Esri ArcGIS Enterprise is a GIS (Geographic Information System) base software system from the Environmental Systems Research Institute (Esri), Inc. The system supports mapping and visualization, analysis, and data management, etc. An XXE vulnerability exists in the Esri ArcGIS Enterprise Portal for ArcGIS component, which stems from the fact that entities are not prohibited from parsing external incoming xml data, which could be exploited by an attacker to achieve arbitrary file reading.