CVE-2021-28113

Опубликовано: 02 апр. 2021

Источник: nvd

CVSS3: 6.7

CVSS2: 8.7

EPSS Низкий

Описание

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

Ссылки

http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
https://www.okta.com/security-advisories/cve-2021-28113
Vendor Advisory
http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html
Exploit
Third Party Advisory
VDB Entry
https://www.okta.com/security-advisories/cve-2021-28113
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:okta:access_gateway:*:*:*:*:*:*:*:*

Версия до 2020.8.4 (включая)

EPSS

Процентиль: 86%

0.03007

Низкий

6.7 Medium

CVSS3

8.7 High

CVSS2

Дефекты

CWE-78

Связанные уязвимости

GHSA-j6w2-8ww3-qh9q