Note that our mitigation measures are in alignment with Emergency Directive 22-02 Mitigate Apache Log4 Vulnerability. To help ease implementing the recommended blocking mechanism of a Web Application Firewall (WAF) with Esri products, we have a Web Application Filter Rules guide located within the customer accessible documents area of the ArcGIS Trust Center. Two aspects your organization should consider implementing are alerting and blocking mechanisms for this issue. The Joint Cybersecurity Advisory, representing cybersecurity organizations around the globe, provides a useful summary of Log4j vulnerability mitigation guidance that customers may want to reference in addition to our product specific recommendations. This bulletin contains the latest information about Esri products and will be updated if necessary. While Log4j issues have been mitigated for previous releases, we recommend customers upgrade to ArcGIS Enterprise 11.1 to eliminate potential security scanner false positives.Įsri has investigated the impact of the following Log4j library vulnerabilities as some Esri products contain this common logging tool:
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |