{
    "componentChunkName": "component---src-templates-security-advisories-js",
    "path": "/security-advisories/okta-radius-server-agent-cve-2021-45105/",
    "result": {"data":{"contentfulSecurityAdvisories":{"id":"75685964-3f35-536a-be54-5e2b2f348345","title":"Okta RADIUS Server Agent CVE-2021-45105 - Jan 26, 2022","url":"/security-advisories/okta-radius-server-agent-cve-2021-45105","datePosted":"2022-01-26T22:53","body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Description\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Apache Log4j2 2.16.0, as used in Okta RADIUS Server Agent 2.17.1 and lower, did not protect from uncontrolled recursion from self-referential lookups.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"While Okta found no evidence that this agent was impacted, due to the lack of preconditions that must exist for this vulnerability to be exploitable, we have released an updated version of the agent. The new version includes Log4j 2.17.0, which fixes this issue.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Affected product and versions\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta RADIUS Server Agent 2.17.1 and lower \",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Resolution\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The vulnerability is fixed in Okta RADIUS Server Agent version 2.17.2. To remediate this vulnerability, upgrade Okta RADIUS Server Agent.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"References\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://nvd.nist.gov/vuln/detail/CVE-2021-45105\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE-2021-45105 Detail\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://support.asqula.com/help/s/article/How-to-perform-an-upgrade-of-the-RADIUS-Server-Agent-and-the-On-Prem-MFA-Agent?language=en_US\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"How to perform an upgrade of the RADIUS Server Agent and the On-Prem MFA Agent\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"},"shortDescription":{"shortDescription":"Apache Log4j2 2.16.0, as used in Okta RADIUS Server Agent 2.17.1 and lower, did not protect from uncontrolled recursion from self-referential lookups. While Okta found no evidence that this agent was impacted, due to the lack of preconditions that must exist for this vulnerability to be exploitable, we have released an updated version of the agent. The new version includes Log4j 2.17.0, which fixes this issue."}}},"pageContext":{"matchPath":null,"language":"en","id":"75685964-3f35-536a-be54-5e2b2f348345","slug":"/security-advisories/okta-radius-server-agent-cve-2021-45105"}},
    "staticQueryHashes": ["2744905544"]}