{
    "componentChunkName": "component---src-templates-security-advisories-js",
    "path": "/security-advisories/okta-prem-mfa-agent-cve-2021-45046/",
    "result": {"data":{"contentfulSecurityAdvisories":{"id":"7ad5d499-3d49-5aa8-bead-ef793ca5cc79","title":"Okta On-Prem MFA Agent CVE-2021-45046 - Jan 26, 2022","url":"/security-advisories/okta-prem-mfa-agent-cve-2021-45046","datePosted":"2022-01-26T22:52","body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Description\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Apache Log4j2 2.15.0, as used in Okta On-Prem MFA Agent 1.4.6 (formerly Okta RSA SecurID Agent), contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DoS) attack. The new version includes Log4j 2.16.0, which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default. \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Affected product and versions\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta On-Prem MFA Agent (formerly Okta RSA SecurID Agent) 1.4.6\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Resolution\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The vulnerability is fixed in Okta On-Prem MFA Agent (formerly Okta RSA SecurID Agent) version 1.4.7. 
To remediate this vulnerability, upgrade Okta On-Prem MFA Agent.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"References\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://nvd.nist.gov/vuln/detail/CVE-2021-45046\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE-2021-45046 Detail\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/How-to-perform-an-upgrade-of-the-RADIUS-Server-Agent-and-the-On-Prem-MFA-Agent?language=en_US\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"},"shortDescription":{"shortDescription":"Apache Log4j2 2.15.0, as used in Okta On-Prem MFA Agent 1.4.6 (formerly Okta RSA SecurID Agent), contained an incomplete fix for CVE-2021-44228, which could allow attackers under certain conditions to craft malicious input data, resulting in a denial of service (DoS) attack. The new version includes Log4j 2.16.0, which fixes this issue by removing support for message lookup patterns and disabling JNDI functionality by default."}}},"pageContext":{"matchPath":null,"language":"en","id":"7ad5d499-3d49-5aa8-bead-ef793ca5cc79","slug":"/security-advisories/okta-prem-mfa-agent-cve-2021-45046"}},
    "staticQueryHashes": ["2744905544"]}