
Okta Security Vulnerabilities


CVE-2021-28113

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

CVSS 6.7, AI Score 6.8, EPSS 0.004

2021-04-02 03:15 PM

CVE-2021-45094

Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS.

CVSS 5.4, AI Score 5.5, EPSS 0.001

2023-07-20 06:15 PM

CVE-2022-1030

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute co...

CVSS 8.8, AI Score 8.7, EPSS 0.001

2022-03-23 08:15 PM

CVE-2022-1697

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

CVSS 3.9, AI Score 4.5, EPSS 0.001

2022-09-06 06:15 PM

CVE-2022-24295

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

CVSS 8.8, AI Score 8.8, EPSS 0.001

2022-02-21 06:15 PM

CVE-2022-3145

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

CVSS 4.7, AI Score 4.7, EPSS 0.001

2023-01-12 07:15 PM

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to ...

CVSS 8.8, AI Score 9, EPSS 0.001

2023-03-06 09:15 PM

CVE-2023-0392

The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.

CVSS 6.7, AI Score 6.9, EPSS 0.0004

2023-11-08 09:15 PM

CVE-2024-7061

Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.

CVSS 7.8, AI Score 7.2, EPSS 0.0004

2024-08-07 05:15 PM