10 Technology Vendors Affected By The Log4j Vulnerability
Vulnerable Log4j code can be found in products from some of the most prominent technology vendors like Cisco, IBM, and VMware, and as well as one serving the MSP community like ConnectWise and N-able.
Certain versions of Okta’s RADIUS Server Agent and On-Prem MFA Agent are susceptible to the Log4j vulnerability, meaning that an attacker with control over log messages or log message parameters could execute arbitrary code. Customers are urged to upgrade to Okta RADIUS Server Agent version 2.17.0 or Okta On-Prem MFA Agent version 1.4.6, where the vulnerability has been fixed.
“As soon as Okta learned of this vulnerability, we promptly evaluated all cloud-hosted systems and customer premise agents to determine what might be impacted and methodically set about remediating any exposure,” Okta Chief Security Officer David Bradbury wrote in a blog post Saturday.