ArcGIS Enterprise security patches have been released for ArcGIS Server and Portal for ArcGIS..
You'll notice a new addition to our patch pages - CVSS base scoring and vector parameters.
CVSS is a way that software security professionals come quantify risks associated with software security issues. Next to each patch above we list the highest risk addressed, moderate risk security issues are addressed by the Server patch and a high risk issue is addressed by the Portal patch.
We strongly suggest users patch their systems to address these security concerns.