Vulnerabilities > Okta > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-9191 | Incorrect Default Permissions vulnerability in Okta Verify The Okta Device Access features, provided by the Okta Verify agent for Windows, provides access to the OktaDeviceAccessPipe, which enables attackers in a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. | 7.8 |
| 2024-08-07 | CVE-2024-7061 | Uncontrolled Search Path Element vulnerability in Okta Verify Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. | 7.8 |
| 2023-03-06 | CVE-2023-0093 | Command Injection vulnerability in Okta Advanced Server Access Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. | 8.8 |
| 2022-03-23 | CVE-2022-1030 | OS Command Injection vulnerability in Okta Advanced Server Access Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2022-02-21 | CVE-2022-24295 | Code Injection vulnerability in Okta Advanced Server Access Client for Windows Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL. | 8.8 |
| 2021-04-02 | CVE-2021-28113 | OS Command Injection vulnerability in Okta Access Gateway A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account. | 8.7 |