CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L
EPSS
Percentile
34.4%
Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.
Vendor | Product | Version | CPE |
---|---|---|---|
okta | active_directory_agent | 3.8.0 | cpe:2.3:a:okta:active_directory_agent:3.8.0:*:*:*:*:*:*:* |
okta | active_directory_agent | 3.9.0 | cpe:2.3:a:okta:active_directory_agent:3.9.0:*:*:*:*:*:*:* |
okta | active_directory_agent | 3.10.0 | cpe:2.3:a:okta:active_directory_agent:3.10.0:*:*:*:*:*:*:* |
okta | active_directory_agent | 3.11.0 | cpe:2.3:a:okta:active_directory_agent:3.11.0:*:*:*:*:*:*:* |