Okta vulnerabilities

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk score |
|---|---|---|---|---|---|---|---|---|
| 2024-11-01 | CVE-2024-9191 | Incorrect Default Permissions vulnerability in Okta Verify | The Okta Device Access features, provided by the Okta Verify agent for Windows, provide access to the OktaDeviceAccessPipe, which enables attackers on a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. | local | low | okta | CWE-276 | 7.8 |
| 2024-08-07 | CVE-2024-7061 | Uncontrolled Search Path Element vulnerability in Okta Verify | Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. | local | low | okta | CWE-427 | 7.8 |
| 2023-11-08 | CVE-2023-0392 | Unquoted Search Path or Element vulnerability in Okta LDAP Agent | The LDAP Agent Update service in versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | local | low | okta | CWE-428 | 6.7 |
| 2023-07-20 | CVE-2021-45094 | Cross-site Scripting vulnerability in Okta Imprivata Privileged Access Management 2.3.202112051108 | Imprivata Privileged Access Management (formerly Xton Privileged Access Management) 2.3.202112051108 allows XSS. | network | low | okta | CWE-79 | 5.4 |
| 2023-03-06 | CVE-2023-0093 | Command Injection vulnerability in Okta Advanced Server Access | Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third-party library webbrowser. | network | low | okta | CWE-77 | 8.8 |
| 2023-01-12 | CVE-2022-3145 | Open Redirect vulnerability in Okta OIDC Middleware | An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0, allowing an attacker to redirect a user to an arbitrary URL. | network | low | okta | CWE-601 | 4.7 |
| 2022-03-23 | CVE-2022-1030 | OS Command Injection vulnerability in Okta Advanced Server Access | Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. | network | low | okta | CWE-78 | 8.8 |
| 2022-02-21 | CVE-2022-24295 | Code Injection vulnerability in Okta Advanced Server Access Client for Windows | Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | network | low | okta | CWE-94 | 8.8 |
| 2021-04-02 | CVE-2021-28113 | OS Command Injection vulnerability in Okta Access Gateway | A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | network | low | okta | CWE-78 | 8.7 |