Esri has discovered a critical vulnerability in the Portal for ArcGIS component of ArcGIS Enterprise resulting in a privilege escalation issue when special steps are taken by an authenticated user. This results in ordinary authenticated users being able to elevate themselves to become administrators of the portal.

This security issue affects all supported versions of Portal for ArcGIS on both Windows and Linux.

What You Need to Do
Patches for all versions of Portal for ArcGIS from 10.3 through 10.6.1 have been released. Esri strongly recommends installing the relevant patch at your earliest possible opportunity.

All patches can be downloaded from the Esri Support website:

The Portal for ArcGIS Security 2018 Update 3 Patch is available for versions 10.6.1, 10.5.1, 10.4.1, and 10.3.1 and includes a fix for this issue, along with other recommended fixes for security issues.

The Portal for ArcGIS Privilege Escalation Security Patch is available for versions 10.6, 10.5, 10.4, and 10.3 and includes a fix for only this issue.

More Information
For more details, please refer to the Knowledge Base article, Problem: Warning of Security Vulnerability in Portal for ArcGIS and this Esri blog post.