U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Results Type: Overview
  • Search Type: Search All
  • CPE Vendor: cpe:/:okta
There are 6 matching records.
Displaying matches 1 through 6.
Vuln ID Summary CVSS Severity

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

Published: March 06, 2023; 4:15:10 PM -0500
V3.1: 8.8 HIGH
V2.0:(not available)

An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

Published: January 12, 2023; 2:15:24 PM -0500
V3.1: 4.7 MEDIUM
V2.0:(not available)

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

Published: September 06, 2022; 2:15:10 PM -0400
V3.1: 3.9 LOW
V2.0:(not available)

Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has access, can execute commands on the local system.

Published: March 23, 2022; 4:15:10 PM -0400
V3.1: 8.8 HIGH
V2.0: 9.3 HIGH

Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

Published: February 21, 2022; 1:15:09 PM -0500
V3.1: 8.8 HIGH
V2.0: 6.8 MEDIUM

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

Published: April 02, 2021; 11:15:13 AM -0400
V3.1: 6.7 MEDIUM
V2.0: 8.7 HIGH