Esri ArcGIS Workflow Manager Server


Vendor Data Vendor Patch Exists
Community Data

Vendor Resources

Resource Link
https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/ https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

Community Resources

Resource Link
source https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/

Community Notes

Source Note
NCSC-NL CVE-2021-4104: Not vuln ; CVE-2021-44228: Fix
NCSC-NL Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions
CISAGov Requires script remediation. ESRI has created scripts to remove the JndiLookup class, but has not issued patches to upgrade the Log4j versions
CISAGov Last Update: 2021-12-17

Sources

Date Attribution Description
2021-12-31 9:06:53 NCSC-NL Updated vendorPatchExists. Updated community note. Updated community link source. Updated community note.
2021-12-30 21:31:50 CISAGov Updated vendorPatchExists. Updated vendor link https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/. Updated community note. Updated community note.