Esri has discovered a crucial vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise resulting in a privilege escalation problem when unique measures are taken by an authenticated user. This final results in ordinary authenticated customers becoming capable to elevate themselves to become administrators of the portal.
This safety concern affects all supported versions of Portal for ArcGIS on each Windows and Linux.
What You Need to have to Do Patches for all versions of Portal for ArcGIS from ten.three through ten.six.1 have been released. Esri strongly recommends installing the relevant patch at your earliest feasible chance.
All patches can be downloaded from the Esri Help internet site:
The Portal for ArcGIS Security 2018 Update 3 Patch is available for versions 10.6.1, ten.five.1, ten.4.1, and 10.three.1 and consists of a fix for this problem, along with other recommended fixes for safety issues.
The Portal for ArcGIS Privilege Escalation Security Patch is offered for versions ten.six, 10.5, ten.4, and 10.three and consists of a fix for only this concern.
More Information For a lot more specifics, please refer to the Information Base article, Dilemma: Warning of Security Vulnerability in Portal for ArcGIS and this Esri weblog post.