Hey there Hannah, thank you for posting. I would like to point you to our blog on this o-day found here: ArcGIS and Apache Log4j Vulnerabilities.
In it, our security team mentions that:
"Several ArcGIS Enterprise components contain the vulnerable log4j library, however there is no known exploit available for any version of a base ArcGIS Enterprise deployment (including the ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store components) or stand-alone ArcGIS Server at this time."
We are aware of the log4j file at the location you posted, and the mitigating scripts in that blog should remove them. If you have any questions, please reply to me or reach out to our trust center: https://trust.arcgis.com/en/
Keep on keeping on!