{
    "componentChunkName": "component---src-templates-security-advisories-js",
    "path": "/security-advisories/okta-advanced-server-access-client-cve-2023-0093/",
    "result": {"data":{"contentfulSecurityAdvisories":{"id":"25fb23bc-e822-5f00-8c26-be2ca362b3e6","title":"Okta Advanced Server Access Client CVE-2023-0093 - Feb 22, 2023","url":"/security-advisories/okta-advanced-server-access-client-cve-2023-0093","datePosted":"2023-02-22T00:00","body":{"raw":"{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Description\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta Advanced Server Access Client versions 1.13.1 through 1.68.1 are vulnerable to command injection due to the third-party library webbrowser.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Affected product and versions\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta’s Advanced Server Access customers that have currently installed or previously had installed versions 1.13.1 through 1.68.1 of the Okta Advanced Server Access Client.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Resolution\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"The vulnerability is fixed in Okta Advanced Server Access Client version 1.68.2 To remediate this vulnerability, upgrade to 1.68.2 or greater.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Severity details\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE details\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE ID\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0093\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVE-2023-0093\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Published Date\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"2023-02-22\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Vulnerability Type\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"OS Command Injection\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CWE\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CWE-78\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"CVSS v3\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"},{\"data\":{},\"content\":[{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Score: 7.5\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Vector string: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"table-cell\"}],\"nodeType\":\"table-row\"}],\"nodeType\":\"table\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Acknowledgements\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Okta would like to thank Tao Sauvage from Anvil Secure for assistance on this finding.\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"References\",\"nodeType\":\"text\"}],\"nodeType\":\"heading-3\"},{\"data\":{},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"},{\"data\":{\"uri\":\"https://help.asqula.com/asa/en-us/Content/Topics/Adv_Server_Access/docs/sft.htm\"},\"content\":[{\"data\":{},\"marks\":[],\"value\":\"Install the Advanced Server Access client | Okta\",\"nodeType\":\"text\"}],\"nodeType\":\"hyperlink\"},{\"data\":{},\"marks\":[],\"value\":\"\",\"nodeType\":\"text\"}],\"nodeType\":\"paragraph\"}],\"nodeType\":\"document\"}"},"shortDescription":{"shortDescription":"Okta Advanced Server Access Client versions 1.13.1 through 1.68.1 are vulnerable to command injection due to the third-party library webbrowser."}}},"pageContext":{"matchPath":null,"language":"en","id":"25fb23bc-e822-5f00-8c26-be2ca362b3e6","slug":"/security-advisories/okta-advanced-server-access-client-cve-2023-0093"}},
    "staticQueryHashes": ["2744905544"]}