topic LOG4J: GeoEvent Server Vulnerable - JAR files return with vulnerabilities every day in ArcGIS GeoEvent Server Questions

topic LOG4J: GeoEvent Server Vulnerable - JAR files return with vulnerabilities every day in ArcGIS GeoEvent Server Questions https://community.esri.com/t5/arcgis-geoevent-server-questions/log4j-geoevent-server-vulnerable-jar-files-return/m-p/1217004#M3843 <P>.\<SPAN>ArcGIS\Server\GeoEvent\system\org\ops4j\pax\logging\pax-logging-log4j2\1.10.1\pax-</SPAN><SPAN>logging-log4j2-1.10.1.jar file keeps returning after we delete the folder. Whatever is creating the file is what is vulnerable.<BR /><BR />ArcGIS GeoEvent Server 10.7.1<BR />Installed 9/22 </SPAN></P> Wed, 28 Sep 2022 16:30:33 GMT PatrickBurwell 2022-09-28T16:30:33Z LOG4J: GeoEvent Server Vulnerable - JAR files return with vulnerabilities every day https://community.esri.com/t5/arcgis-geoevent-server-questions/log4j-geoevent-server-vulnerable-jar-files-return/m-p/1217004#M3843 <P>.\<SPAN>ArcGIS\Server\GeoEvent\system\org\ops4j\pax\logging\pax-logging-log4j2\1.10.1\pax-</SPAN><SPAN>logging-log4j2-1.10.1.jar file keeps returning after we delete the folder. Whatever is creating the file is what is vulnerable.<BR /><BR />ArcGIS GeoEvent Server 10.7.1<BR />Installed 9/22 </SPAN></P> Wed, 28 Sep 2022 16:30:33 GMT https://community.esri.com/t5/arcgis-geoevent-server-questions/log4j-geoevent-server-vulnerable-jar-files-return/m-p/1217004#M3843 PatrickBurwell 2022-09-28T16:30:33Z Re: LOG4J: GeoEvent Server Vulnerable - JAR files return with vulnerabilities every day https://community.esri.com/t5/arcgis-geoevent-server-questions/log4j-geoevent-server-vulnerable-jar-files-return/m-p/1217012#M3844 <P>May want to look at this blog: <A href="https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/" target="_blank">https://www.esri.com/arcgis-blog/products/arcgis-enterprise/administration/arcgis-software-and-cve-2021-44228-aka-log4shell-aka-logjam/</A> under Security Scanner False Positives & <A href="https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-enterprise-log4j-security-patches-available/" target="_blank">https://www.esri.com/arcgis-blog/products/trust-arcgis/administration/arcgis-enterprise-log4j-security-patches-available/</A> <BR /><BR />Otherwise I recommend contacting Esri technical support for more guidance.</P> Wed, 28 Sep 2022 16:57:52 GMT https://community.esri.com/t5/arcgis-geoevent-server-questions/log4j-geoevent-server-vulnerable-jar-files-return/m-p/1217012#M3844 George_Thompson 2022-09-28T16:57:52Z