{
    "componentChunkName": "component---src-templates-security-advisories-js",
    "path": "/security-advisories/okta-radius-server-agent-cve-2021-45046/",
    "result": {"data":{"contentfulSecurityAdvisories":{"id":"d976bda4-74fd-5b04-9337-50f7401a2717","title":"Okta RADIUS Server Agent CVE-2021-45046 - Jan 26, 2022","url":"/security-advisories/okta-radius-server-agent-cve-2021-45046","datePosted":"2022-01-26T22:51","body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Description\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Apache Log4j2 2.15.0, as used in Okta RADIUS Server Agent 2.17.0, contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DOS) attack. The new version includes Log4j 2.16.0 which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Affected product and versions\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta RADIUS Server Agent 2.17.0 \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Resolution\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The vulnerability is fixed in Okta RADIUS Server Agent version 2.17.1. To remediate this vulnerability, upgrade Okta RADIUS Server Agent.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"References\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://nvd.nist.gov/vuln/detail/CVE-2021-45046\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE-2021-45046 Detail\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://support.okta.com/help/s/article/How-to-perform-an-upgrade-of-the-RADIUS-Server-Agent-and-the-On-Prem-MFA-Agent?language=en_US\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"},"shortDescription":{"shortDescription":"Apache Log4j2 2.15.0, as used in Okta RADIUS Server Agent 2.17.0, contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DOS) attack. The new version includes Log4j 2.16.0 which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default."}}},"pageContext":{"matchPath":null,"language":"en","id":"d976bda4-74fd-5b04-9337-50f7401a2717","slug":"/security-advisories/okta-radius-server-agent-cve-2021-45046"}},
    "staticQueryHashes": ["2744905544"]}