Hello All,
My organization's McAfee AV is flagging a process as suspicious for Log4J exploitation. This is on a server with ArcGIS server 10.8.1 installed. The command in question is:
cmd.exe /c .\bin\pg_isready -h localhost -p 9876 -d <db> -U <user>
The source path is C:\Program Files\ArcGIS\DataStore\framework\runtime\jre\bin\java.exe.
From what I can tell this is a normal PostgreSQL db check, but I need to confirm for higher ups that this is expected behavior and not an actual exploit attempt. Does anyone know if this is quote-unquote normal?
Thanks so much.
Hey there Hannah, thank you for posting. I would like to point you to our blog on this 0-day found here: ArcGIS and Apache Log4j Vulnerabilities.
In it, our security team mentions that:
"Several ArcGIS Enterprise components contain the vulnerable log4j library, however there is no known exploit available for any version of a base ArcGIS Enterprise deployment (including the ArcGIS Server, Portal for ArcGIS, and ArcGIS Data Store components) or stand-alone ArcGIS Server at this time."
We are aware of the log4j file at the location you posted, and the mitigating scripts in that blog should remove them. If you have any questions, please reply to me or reach out to our trust center: https://trust.arcgis.com/en/
Excellent, thank you so much for the quick response!