Description
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
References
Exploit · Third Party Advisory · VDB Entry
https://www.okta.com/security-advisories/cve-2021-28113
Vendor Advisory
CVSS impact metrics
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L
6.7 · Medium
CVSS V3.1
Information
Source identifier
Vulnerability status
Analyzed
Published
2021-04-02T15:15:13.160
Last modified
2022-05-27T16:47:02.470