Hi, our vulnerability detected the following files as vulnerable to the log4j CVE-2021-44228, what is the remediation per the vendor's instructions on how to address it?
The software installed is arcgis_server 10.6.1 (10.6.9270.0)
Thanks!
e:\arcgisportal\upgrade-backup\10.6.0\dsdata\elasticsearch_5.5.0\lib\log4j-core-2.8.2.jar |
c:\program files\arcgis\datastore\framework\runtime\elasticsearch\lib\log4j-core-2.8.2.jar |
c:\program files\arcgis\server\framework\lib\shared\log4j-core-2.8.2.jar |
c:\program files\arcgis\datastore\framework\webapps\arcgis#datastoreadmin\web-inf\lib\log4j-core-2.8.2.jar |
They released patches for this a while back. Run your Portal's Update Utility and you will see the log4j patches there.
Update Utility:
Log4j patches:
Edit: forgot to highlight a couple.