Overview
- Description
- Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
- Source
- psirt@okta.com
- NVD status
- Analyzed
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 3.9
- Impact score
- 3.4
- Exploitability score
- 0.5
- Vector string
- CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
- Severity
- LOW
Weaknesses
- nvd@nist.gov
- CWE-428
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "442B7B70-70D7-488D-BAC4-7B060CCB1388"
},
{
"criteria": "cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E0B869CF-7CFB-4288-B21B-C959136BE293"
},
{
"criteria": "cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "07931E64-69B0-4081-99A8-9FF8E6989E2C"
},
{
"criteria": "cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "C8403CAC-AA6E-4B65-B02D-0DA097D9E53B"
}
],
"operator": "OR"
}
]
}
]