Vulnerabilities > Okta
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-08 | CVE-2023-0392 | Unquoted Search Path or Element vulnerability in Okta Ldap Agent The LDAP Agent Update service with versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution. | 6.7 |
| 2023-07-20 | CVE-2021-45094 | Cross-site Scripting vulnerability in Okta Imprivata Privileged Access Management 2.3.202112051108 Imprivata Privileged Access Management (formally Xton Privileged Access Management) 2.3.202112051108 allows XSS. | 5.4 |
| 2023-03-06 | CVE-2023-0093 | Command Injection vulnerability in Okta Advanced Server Access Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. | 8.8 |
| 2023-01-12 | CVE-2022-3145 | Open Redirect vulnerability in Okta Oidc Middleware An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL. | 4.7 |
| 2022-03-23 | CVE-2022-1030 | OS Command Injection vulnerability in Okta Advanced Server Access Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2022-02-21 | CVE-2022-24295 | Code Injection vulnerability in Okta Advanced Server Access Client for Windows Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2021-04-02 | CVE-2021-28113 | OS Command Injection vulnerability in Okta Access Gateway A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 8.7 |