CVE-2021-28113
Published: 2021-04-02
Priority: P3, 50, medium
CVSS 3.1: 6.7 (AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:L)
EPSS: 22.33% (97.4th percentile)
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| okta | access_gateway | <= 2020.8.4 | — |
CVSS provenance
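| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.7 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L |
| nvd | v2.0 | 8.7 | HIGH | AV:N/AC:L/Au:S/C:C/I:C/A:P |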
References
http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html
https://www.okta.com/security-advisories/cve-2021-28113