CVSS: 3.9EPSS: 0%CPEs: 4EXPL: 0CVE-2022-1697
https://notcve.org/view.php?id=CVE-2022-1697
06 Sep 2022 — Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation. Las versiones 3.8.0 a 3.11.0 del Agente de Okta Active Directory instalan el Servicio de Actualización del Agente de Okta AD utilizando una ruta no citada. Nota: Para corregir esta vulnerabilidad, debe desinstalar el A... • https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm • CWE-428: Unquoted Search Path or Element •
CVSS: 9.3EPSS: 0%CPEs: 3EXPL: 0CVE-2022-1030
https://notcve.org/view.php?id=CVE-2022-1030
23 Mar 2022 — Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system. Se ha detectado que el cliente de acceso al servidor avanzado de Okta para Linux y macOS versiones anteriores a 1.58.0, era vulnerable a una inyección de comandos por medio de una URL e... • https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-1030 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 8.8EPSS: 5%CPEs: 1EXPL: 0CVE-2022-24295
https://notcve.org/view.php?id=CVE-2022-24295
21 Feb 2022 — Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. Se ha detectado que Okta Advanced Server Access Client para Windows versiones anteriores a 1.57.0, es vulnerable a una inyección de comandos por medio de una URL especialmente diseñada • https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2022-24295 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 8.7EPSS: 20%CPEs: 1EXPL: 2CVE-2021-28113 – Okta Access Gateway 2020.5.5 Authenticated Remote Root
https://notcve.org/view.php?id=CVE-2021-28113
02 Apr 2021 — A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. Una vulnerabilidad de inyección de comandos en los parámetros cookieDomain y relayDomain de Okta Access Gateway versiones anteriores a 2020.9.3, permite a atacantes (con acceso de administrador a la interfaz de usuario de Okta Access Gateway) ejecutar comandos del siste... • https://packetstorm.news/files/id/163428 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •