PT-2021-17749 · Okta · Okta Access Gateway

Published

2021-04-02

Updated

2022-05-27

CVE-2021-28113

CVSS v2.0

8.7

High

Vector

AV:N/AC:L/Au:S/C:C/I:C/A:P

Name of the Vulnerable Software and Affected Versions: Okta Access Gateway versions prior to 2020.9.3

Description: A command injection issue exists in the cookieDomain and relayDomain parameters, allowing attackers with admin access to the Okta Access Gateway UI to execute OS commands as a privileged system account.

Recommendations: For Okta Access Gateway versions prior to 2020.9.3, update to version 2020.9.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the Okta Access Gateway UI to minimize the risk of exploitation.

Exploit

Fix

OS Command Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-78

Related Identifiers

CVE-2021-28113

Affected Products

Okta Access Gateway

PT-2021-17749 · Okta · Okta Access Gateway

CVE-2021-28113

Weakness Enumeration

Related Identifiers

Affected Products

References · 8