ESRI has discovered a critical vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise resulting in a Server Side Request Forgery (SSRF) issue when special steps are taken by someone with network access to the ArcGIS Enterprise portal. This can result in access to and control over other infrastructure resources by unauthenticated persons.

For more information and to download a patch, visit the Tech Support page here.