惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Project Zero
Project Zero
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
Google DeepMind News
Google DeepMind News
Recent Announcements
Recent Announcements
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
Visual Studio Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
G
Google Developers Blog
H
Hackread – Cybersecurity News, Data Breaches, AI and More
Recorded Future
Recorded Future
B
Blog RSS Feed
The GitHub Blog
The GitHub Blog
爱范儿
爱范儿
博客园 - 三生石上(FineUI控件)
D
DataBreaches.Net
博客园 - Franky
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Last Week in AI
Last Week in AI
NISL@THU
NISL@THU
T
Tailwind CSS Blog
博客园 - 【当耐特】
P
Privacy International News Feed
I
InfoQ
L
LINUX DO - 热门话题
H
Help Net Security
博客园 - 叶小钗
aimingoo的专栏
aimingoo的专栏
AWS News Blog
AWS News Blog
Scott Helme
Scott Helme
Cyberwarzone
Cyberwarzone
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Forbes - Security
Forbes - Security
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
WordPress大学
WordPress大学
T
Troy Hunt's Blog
Spread Privacy
Spread Privacy
V
V2EX
Cloudbric
Cloudbric
Security Latest
Security Latest
H
Heimdal Security Blog
S
Securelist
I
Intezer
F
Full Disclosure
V2EX - 技术
V2EX - 技术
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
小众软件
小众软件
Security Archives - TechRepublic
Security Archives - TechRepublic
L
Lohrmann on Cybersecurity
S
Schneier on Security
C
Cybersecurity and Infrastructure Security Agency CISA

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Classic Application Sign-On Policy Bypass Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-1030 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta RADIUS Server Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta RADIUS Server Agent CVE-2021-45046
Okta, Inc. · 2022-01-26 · via Okta Trust

Description

Apache Log4j2 2.15.0, as used in Okta RADIUS Server Agent 2.17.0, contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DOS) attack. The new version includes Log4j 2.16.0 which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default.

Affected product and versions

Okta RADIUS Server Agent 2.17.0

Resolution

The vulnerability is fixed in Okta RADIUS Server Agent version 2.17.1. To remediate this vulnerability, upgrade Okta RADIUS Server Agent.

References

CVE-2021-45046 Detail

How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent