GIS Community Forum : ArcGIS Server Support Group
Welcome Guest   
 
 Subject : ArcGIS Enterprise Version 10.7.1 and Earlier - Critical Vulnerability.. 12/14/2021 09:52:24 AM 
Joan Keene
Posts: 56
Location
Esri has announced that they are actively investigating the impact of the Log4j library critical vulnerability (CVE-2021-44228) disclosed on December 9, 2021, as some Esri products contain this common logging tool.

ArcGIS Enterprise versions 10.7.1 and earlier are potentially vulnerable (independent of using an Apache web server), however there is no exploit code available for ANY version of a base ArcGIS Enterprise deployment at this time (including the ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store components).

Here is a link to the Esri announcement: https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/
 
# of Topics per Page