CVE-2024-0980

2024-03-2800:15:07

CWE-22

CWE-427

[email protected]

web.nvd.nist.gov

okta verify

auto-update

vulnerability

arbitrary code execution

7.6 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

10.3%

JSON

The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.

CNA Affected

[
  {
    "vendor": "Okta",
    "product": "Okta Verify for Windows",
    "versions": [
      {
        "version": "0",
        "status": "affected",
        "lessThan": "4.10.7",
        "versionType": "semver"
      }
    ],
    "defaultStatus": "unaffected"
  }
]