HomepageOkta logo

Okta RADIUS Server Agent CVE-2021-45046

View all security advisories

Description

Apache Log4j2 2.15.0, as used in Okta RADIUS Server Agent 2.17.0, contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DOS) attack. The new version includes Log4j 2.16.0 which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Affected product and versions

Okta RADIUS Server Agent 2.17.0 

Resolution

The vulnerability is fixed in Okta RADIUS Server Agent version 2.17.1. To remediate this vulnerability, upgrade Okta RADIUS Server Agent.

References

CVE-2021-45046 Detail

How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent

United States
  • Okta.com
  • Privacy
  • Security Advisories
  • Security Blog

© 2024 Okta, Inc. All rights reserved.