Skip to main content

Okta Releases Security Updates for Advanced Server Client for Windows

Security update addresses a remote code execution vulnerability

Report a cyber attack: call 0300 303 5222 or email [email protected]


Security update addresses a remote code execution vulnerability

Affected platforms

The following platforms are known to be affected:

Threat details


Okta has released a security update to address a remote code execution (RCE) vulnerability. A remote, unauthenticated attacker could exploit this command injection vulnerability by sending a specially crafted URL and take control of an affected system.

Updated information about Okta's Log4Shell response

In addition to the main vulnerability mentioned in this cyber alert, please note that Okta has updated its response to Log4Shell vulnerabilities, CVE-2021-45105, CVE-2021-45046, and CVE-2021-44228. Further information can be found on Okta Security Advisories page and the blog post Okta’s response to CVE-2021-44228 (“Log4Shell”).

NHS and social care organisations are invited visit our cyber alerts article Log4Shell RCE Vulnerability CC-3989 and to use the Cyber Associates Network to find out additional information and participate in discussion about the Log4Shell remote code execution vulnerability and affected products.

Remediation advice

Affected organisations should read Okta's security advisory and update to Advanced Server Access Client for Windows version 1.57.0.

Last edited: 25 February 2022 3:01 pm