ESRI has discovered a critical vulnerability in the ArcGIS Server component of ArcGIS Enterprise resulting in a Server Side Request Forgery (SSRF) issue when special steps are taken by someone with network access to the deployment. This can result in access to and control over other infrastructure resources by unauthenticated persons.

This security issue affects all supported versions prior to ArcGIS Server 10.8 on both Windows and Linux.  Click here for more info and how to fix.