Vulnerability Details CVE-2021-28113
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.03
EPSS Ranking 86.0%
CVSS Severity
CVSS v3 Score 6.7
CVSS v2 Score 8.7
References
- http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html
- https://www.okta.com/security-advisories/cve-2021-28113
- http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html
- https://www.okta.com/security-advisories/cve-2021-28113
Products affected by CVE-2021-28113
-
cpe:2.3:a:okta:access_gateway:2019.1.0
-
cpe:2.3:a:okta:access_gateway:2019.4.2
-
cpe:2.3:a:okta:access_gateway:2019.4.5
-
cpe:2.3:a:okta:access_gateway:2020.1.0
-
cpe:2.3:a:okta:access_gateway:2020.2.1
-
cpe:2.3:a:okta:access_gateway:2020.3.3
-
cpe:2.3:a:okta:access_gateway:2020.4.4
-
cpe:2.3:a:okta:access_gateway:2020.5.5
-
cpe:2.3:a:okta:access_gateway:2020.6.3
-
cpe:2.3:a:okta:access_gateway:2020.7.1
-
cpe:2.3:a:okta:access_gateway:2020.8.3
-
cpe:2.3:a:okta:access_gateway:2020.8.4