Vulnerability Description
A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.
CVSS Score
6.7 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Okta | Access Gateway | <= 2020.8.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authent (Exploit, Third Party Advisory, VDB Entry)
- https://www.okta.com/security-advisories/cve-2021-28113 (Vendor Advisory)
FAQ
What is CVE-2021-28113?
CVE-2021-28113 is a vulnerability with a CVSS score of 6.7 (MEDIUM). A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS...
How severe is CVE-2021-28113?
CVE-2021-28113 has been rated MEDIUM with a CVSS base score of 6.7/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-28113?
Check the references section above for vendor advisories and patch information. Affected products include: Okta Access Gateway.