Okta On-Prem MFA Agent CVE-2021-45105

Apache Log4j2 2.16.0, as used in Okta On-Prem MFA Agent 1.4.7 and lower (formerly Okta RSA SecurID Agent), did not protect from uncontrolled recursion from self-referential lookups.

While Okta found no evidence that this agent was impacted, due to the lack of preconditions that must exist for this vulnerability to be exploitable, we have released an updated version of the agent. The new version includes Log4j 2.17.0, which fixes this issue.

Okta On-Prem MFA Agent (formerly Okta RSA SecurID Agent) 1.4.7 and lower 

The vulnerability is fixed in Okta On-Prem MFA Agent (formerly Okta RSA SecurID Agent) version 1.4.8.  To remediate this vulnerability, upgrade Okta On-Prem MFA Agent.