CVE-2022-24295: The older version of the Okta Advanced Server Access Client was vulnerable to command injection.

An attacker can inject malicious code into the target application's request chain (using an injected variable) and potentially gain access to internal data via unvalidated input.

The prior version of Okta Advanced Server Access Client for Windows was found to be vulnerable to XSS injection via a specially crafted URL.

The prior version of Okta Advanced Server Access Client for Windows was found to be vulnerable to stored XSS injection via a specially crafted URL.

Overview

The prior version of Okta Advanced Server Access Client for Linux was found to be vulnerable to stored XSS injection via a specially crafted URL.
