ArcGIS Workflow Manager Security Update Patch
Esri® announces the ArcGIS Workflow Manager Server Security Update which addresses a security vulnerability where server information may be disclosed in certain error messages. Esri recommends customers using ArcGIS Workflow Manager Server 10.7, 10.6.1, 10.6, and 10.5.1 apply this patch.Description
This security patch is cumulative and includes security and non-security related fixes from earlier patches to ensure there are no conflicts. All issues addressed are listed below under Issues Addressed with this Patch.
- BUG-000122570 Workflow Manager Server information disclosure issue returned in certain error messages.
CVSS 3.0 Base Score: 8.8 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- BUG-000115160: Unable to Retrieve Portal users from Workflow Manager REST Endpoint When User is Logged In
ArcGIS Server and ArcGIS Workflow Manager must be installed before installing this patch.
- Download the appropriate file to a location other than your ArcGIS installation location.
- Make sure you have write access to your ArcGIS installation location.
- Double-click WMXServer<Version>_SecurityUpdate.msp to start the setup process.
NOTE: If double clicking on the MSP file does not start the setup installation, you can start the setup installation manually by using the following command:
msiexec.exe /p [location of Patch]\WMXServer<Version>_SecurityUpdate.msp
- Restart ArcGIS Server to apply the changes.
Check the Patches and Service Packs page periodically for the availability of additional patches.
To determine which ArcGIS products are installed, choose the appropriate version of the PatchFinder utility for your environment and run it from your local machine. PatchFinder will list all products, hot fixes, and patches installed on your local machine.
Domestic sites, please contact Esri Technical Support at 1-888-377-4575, if you have any difficulty installing this patch. International sites, please contact your local Esri software distributor.