Hi James, Hi Ryan,
The ArcGIS Enterprise 11.1 version of this patch AND the required ArcGIS Validation and Repair tool are available. We describe the defect the original Portal for ArcGIS Enterprise Sites Security Patch introduced and also provide the download location here:
https://support.esri.com/en-us/patches-updates/2023/defective-arcgis-enterprise-patch
We recently updated our Portal for ArcGIS Validation and Repair tool page here:
https://support.esri.com/en-us/patches-updates/2023/portal-for-arcgis-validation-and-repair
We also recently updated our security advisory , which found under the Advisories section of the ArcGIS Trust Center.
The specific CVEs addressed in the are documented in the advisory.
Linux users are unaffected by the issues introduced by the flawed patch.
Users who have not yet installed the Portal for ArcGIS Enterprise Sites Security Patch can immediately remediate the security issues that this patch resolves with an upgrade to 11.2.
All of the issues that the Portal for ArcGIS Enterprise Sites Security Patch addresses require the ability for a malicious user to manage an ArcGIS Enterprise Site.
Mitigation options include temporarily revoking user memberships from the Sites Core Group.