SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2021-28113

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score : 6.7		CVSS Score : 8.7
Exploit Score: 1.2		Exploit Score: 8.0
Impact Score: 5.5		Impact Score: 9.5

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector: NETWORK		Access Vector: NETWORK
Attack Complexity: LOW		Access Complexity: LOW
Privileges Required: HIGH		Authentication: SINGLE
User Interaction: NONE		Confidentiality: COMPLETE
Scope: UNCHANGED		Integrity: COMPLETE
Confidentiality: HIGH		Availability: PARTIAL
Integrity: HIGH
Availability: LOW

Reference:

http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html

https://www.okta.com/security-advisories/cve-2021-28113


30479



423868



248392



909



195452



282