Vulnerability Details CVE-2022-1030
Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker who knows a valid team name for the victim and a valid target host to which the user has access can execute commands on the local system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 60.8%
CVSS Severity
CVSS v3 Score 8.8
CVSS v2 Score 9.3
Products affected by CVE-2022-1030
- cpe:2.3:a:okta:advanced_server_access:1.13.1
- cpe:2.3:a:okta:advanced_server_access:1.41.0
- cpe:2.3:a:okta:advanced_server_access:1.44.2
- cpe:2.3:a:okta:advanced_server_access:1.44.4
- cpe:2.3:a:okta:advanced_server_access:1.44.6
- cpe:2.3:a:okta:advanced_server_access:1.45.3
- cpe:2.3:a:okta:advanced_server_access:1.45.4
- cpe:2.3:a:okta:advanced_server_access:1.49.2
- cpe:2.3:a:okta:advanced_server_access:1.50.1
- cpe:2.3:a:okta:advanced_server_access:1.50.3
- cpe:2.3:a:okta:advanced_server_access:1.50.4
- cpe:2.3:a:okta:advanced_server_access:1.51.1
- cpe:2.3:a:okta:advanced_server_access:1.51.3
- cpe:2.3:o:linux:linux_kernel:-