Due to scheduled maintenance on Friday, May 14, 2021, from 7:00 p.m. to 11:00 p.m. (PT) , you might experience intermittent issues on the ArcGIS Blog. We appreciate your understanding as we complete this work.
ArcGIS Enterprise

ArcGIS Workflow Manager Server Security Update Patch is available

An ArcGIS Workflow Manager Server Security Update Patch is available now.

This patch addresses a high priority information disclosure issue where specially crafted queries can in some cases reveal information about the database.

This issue is considered high priority, with a CVSS score of 8.8 CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

This patch is cumulative and also addresses other non-security related usability issues that were included in previous patches to ensure that there are no conflicts.

This patch is available for ArcGIS Workflow Manager Server 10.7, 10.6.1, 10.6, and 10.5.1.

These issues have been addressed in version 10.7.1.

Esri strongly recommends all Workflow Manager Server users apply this patch.

About the author

I'm a member of the Software Security and Privacy Team. I also help out with Esri's Product Security Incident Response Team. I've been with Esri almost 14 years now. Before joining the Software Security and Privacy Team, I was a senior technical lead in Esri Support Services, focusing on deploying, securing, and using ArcGIS Enterprise technology.


Next Article

Tackling the Digital Divide with Ready-to-Use Content + Policy

Read this article