As with other significant vulnerabilities that have received significant media attention, numerous customers have asked us about whether the products they utilize from Esri have been affected by the Microsoft Exchange vulnerabilities listed as part of CISA Emergency Directive 21-02.
Both of our FedRAMP authorized services, ArcGIS Online and EMCS Advanced Plus are not affected by this vulnerability as Microsoft Exchange is not used within our FedRAMP authorized environments.
Esri does not include Microsoft Exchange as part of our customer on-premises offerings.
- Esri Software Security & Privacy Team
References:
Security Advisory – Microsoft
CISA Emergency Directive 21-02
Article Discussion: