惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

I
Intezer
GbyAI
GbyAI
The Register - Security
The Register - Security
Martin Fowler
Martin Fowler
B
Blog RSS Feed
Engineering at Meta
Engineering at Meta
Blog — PlanetScale
Blog — PlanetScale
B
Blog
Vercel News
Vercel News
T
The Blog of Author Tim Ferriss
A
About on SuperTechFans
I
InfoQ
爱范儿
爱范儿
D
Docker
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
N
Netflix TechBlog - Medium
L
LINUX DO - 热门话题
SecWiki News
SecWiki News
酷 壳 – CoolShell
酷 壳 – CoolShell
C
CXSECURITY Database RSS Feed - CXSecurity.com
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
The GitHub Blog
The GitHub Blog
Microsoft Security Blog
Microsoft Security Blog
博客园_首页
F
Full Disclosure
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
V
Vulnerabilities – Threatpost
Y
Y Combinator Blog
阮一峰的网络日志
阮一峰的网络日志
S
SegmentFault 最新的问题
H
Help Net Security
D
Darknet – Hacking Tools, Hacker News & Cyber Security
P
Privacy & Cybersecurity Law Blog
小众软件
小众软件
aimingoo的专栏
aimingoo的专栏
Recorded Future
Recorded Future
Last Week in AI
Last Week in AI
Microsoft Azure Blog
Microsoft Azure Blog
Apple Machine Learning Research
Apple Machine Learning Research
M
MIT News - Artificial intelligence
C
Cyber Attacks, Cyber Crime and Cyber Security
V
V2EX
C
CERT Recently Published Vulnerability Notes
AWS News Blog
AWS News Blog
Jina AI
Jina AI
T
Tenable Blog
IT之家
IT之家
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
T
Threat Research - Cisco Blogs

Okta Trust

Okta Verify Desktop MFA for Windows Passwordless Login CVE-2024-9191 Okta Verify for iOS ContextExtension CVE-2024-10327 Okta Classic Application Sign-On Policy Bypass Okta Browser Plugin Reflected Cross-Site Scripting CVE-2024-0981 Okta Verify for Windows Auto-update Arbitrary Code Execution CVE-2024-0980 Okta Advanced Server Access Client CVE-2023-0093 Okta Access Gateway Advisory for CVE-2022-3602 and CVE-2022-3786 Okta Active Directory Agent CVE-2022-1697 Okta Advanced Server Access Client CVE-2022-1030 Okta Advanced Server Access Client CVE-2022-24295 Okta RADIUS Server Agent CVE-2021-45105 Okta On-Prem MFA Agent CVE-2021-45046 Okta RADIUS Server Agent CVE-2021-45046 Okta On-Prem MFA Agent CVE-2021-44228 Okta On-Prem MFA Agent CVE-2021-45105 Okta Verify for Windows Privilege Escalation CVE-2024-7061 Okta LDAP Agent CVE-2023-0392 - Sep 19, 2023 Okta AD/LDAP Delegated Authentication - Username Above 52 Characters Security Advisory Okta Access Gateway CVE-2021-28113 - Apr 2, 2021
Okta RADIUS Server Agent CVE-2021-44228
Okta, Inc. · 2022-01-26 · via Okta Trust

Description

Apache Log4j2 <=2.14.1, as used in Okta RADIUS Server Agent prior to 2.17.0, does not protect against attacker controlled LDAP and other JNDI related endpoints. An attacker who can control log messages or log message parameters can execute arbitrary code loaded from LDAP servers.

Affected product and versions

Okta RADIUS Server Agent 2.16.0 and earlier

Resolution

The vulnerability is fixed in Okta RADIUS Server Agent version 2.17.0. To remediate this vulnerability, upgrade Okta RADIUS Server Agent.

References

CVE-2021-44228 Detail

How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent