CVE-2023-0392
https://notcve.org/view.php?id=CVE-2023-0392
The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. • https://trust.okta.com/security-advisories/okta-ldap-agent-cve-2023-0392 • CWE-428: Unquoted Search Path or Element •
CVE-2021-45094
https://notcve.org/view.php?id=CVE-2021-45094
Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. • https://aegis9.com.au/blog https://www.aegis9.com.au/blog/5 https://www.imprivata.com/privileged-access-management • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2023-0093
https://notcve.org/view.php?id=CVE-2023-0093
Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third-party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker-controlled server URL during enrollment. • https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093 • CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection') •
CVE-2022-3145
https://notcve.org/view.php?id=CVE-2022-3145
An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. • https://github.com/okta/okta-oidc-middleware/security/advisories/GHSA-58h4-9m7m-j9m4 • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2022-1697
https://notcve.org/view.php?id=CVE-2022-1697
Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. • https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697 • CWE-428: Unquoted Search Path or Element •