By now, most everyone in the tech world has heard about the Apache Log4j library vulnerability. While we are experts about all things GIS, we won’t pretend to have all the answers to this problem. However, in the essence of transparency and helping to spread the word, we want to share some general takeaways on what we know and some helpful links for more information.
General Information
Our Big Takeaways
Pro is "not known to be exploitable because it does not listen to remote traffic.”
Esri is patching ArcGIS Online.
Esri has provided Python scripts to mitigate potential vulnerabilities in ArcGIS Enterprise components.
Esri reports “there is no known exploit available for any version of a base ArcGIS Enterprise deployment” currently.
CyberSecurity & Infrastructure Security Agency (CISA)
The article below from CISA provides a useful summary of Log4j vulnerability guidance that customers may want to reference in addition to our product specific recommendations.
Apache Log4j Vulnerability Guidance
Esri Software
The vulnerability potentially affects some versions of ArcGIS Enterprise. We strongly recommend immediate mitigating actions in these cases. Please refer to the ArcGIS Blog for the most up-to-date guidance on affected versions and associated mitigations.
Esri recommends that all ArcGIS customers review their blog on the subject:
ArcGIS and Apache Log4j Vulnerabilities
ArcGIS Enterprise Mitigations
Out of an abundance of caution, Esri has created Log4Shell mitigation scripts that are strongly recommended to be applied to all installations of ArcGIS Enterprise and ArcGIS Server of any version of the software. The scripts remove the JndiLookup class which is the only mitigation measure recommended by Apache Log4j that does not require updating the Log4j version. This action fully addresses CVE-2021-44228 and CVE-2021-45046. Watch below as Virginia walks us through running these scripts:
For more help on this and any other ArcGIS Enterprise needs contact us at cloudpointgeo.com/enterprise or call the office at 877.377.8124.