An ArcGIS Workflow Manager Server Security Update Patch is available now.
This patch addresses a high priority information disclosure issue where specially crafted queries can in some cases reveal information about the database.
This issue is considered high priority, with a CVSS score of 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.
This patch is cumulative and also addresses other non-security related usability issues that were included in previous patches to ensure that there are no conflicts.
This patch is available for ArcGIS Workflow Manager Server 10.7, 10.6.1, 10.6, and 10.5.1.
These issues have been addressed in version 10.7.1.
Esri strongly recommends all Workflow Manager Server users apply this patch.