Esri ArcGIS Enterprise

Vendor Data

Vendor Patch Exists

Community Data

Vendor Resources

Resource	Link
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/	https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

Community Resources

Resource	Link
source	https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

Community Notes

Source	Note
NCSC-NL	CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL	Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions
CISAGov	Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions
CISAGov	Last Update: 2021-12-17

Sources

Date	Attribution	Description
2021-12-31 9:06:53	NCSC-NL	Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50	CISAGov	Updated vendorPatchExists. Updated vendor link https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/. Updated community note. Updated community note.