VYPR
Vendor: Okta
Products: 16
CVEs: 16 (18 across products)
Status: Private

Recent CVEs (16)
  • CVE-2022-24295 (High) Feb 21, 2022
    risk 0.59 | CVSS 8.8 | EPSS 0.18

    Okta Advanced Server Access Client for Windows prior to version 1.57.0 was found to be vulnerable to command injection via a specially crafted URL.

  • CVE-2023-0093 (High) Mar 6, 2023
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an…

  • CVE-2022-1030 (High) Mar 23, 2022
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    Okta Advanced Server Access Client for Linux and macOS prior to version 1.58.0 was found to be vulnerable to command injection via a specially crafted URL. An attacker, who has knowledge of a valid team name for the victim and also knows a valid target host where the user has…

  • CVE-2024-10327 (High) Oct 24, 2024
    risk 0.53 | CVSS 8.1 | EPSS 0.01

    A vulnerability in Okta Verify for iOS versions 9.25.1 (beta) and 9.27.0 (including beta) allows push notification responses through the iOS ContextExtension feature allowing the authentication to proceed regardless of the user’s selection. When a user long-presses the…

  • CVE-2024-9875 (High) Nov 21, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    Okta Privileged Access server agent (SFTD) versions 1.82.0 to 1.84.0 are affected by a privilege escalation vulnerability when the sudo command bundles feature is enabled. To remediate this vulnerability, upgrade the Okta Privileged Access server agent (SFTD) to version 1.87.1…

  • CVE-2024-9191 (High) Nov 1, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    The Okta Device Access features, provided by the Okta Verify agent for Windows, provide access to the OktaDeviceAccessPipe, which enables attackers on a compromised device to retrieve passwords associated with Desktop MFA passwordless logins. The vulnerability was discovered…

  • CVE-2024-0981 (High) Jul 23, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    Okta Browser Plugin versions 6.5.0 through 6.31.0 (Chrome/Edge/Firefox/Safari) are vulnerable to cross-site scripting. This issue occurs when the plugin prompts the user to save these credentials within Okta Personal. A fix was implemented to properly escape these fields,…

  • CVE-2024-0980 (High) Mar 28, 2024
    risk 0.46 | CVSS 7.1 | EPSS 0.00

    The Auto-update service for Okta Verify for Windows is vulnerable to two flaws which in combination could be used to execute arbitrary code.

  • CVE-2021-28113 (Medium) Apr 2, 2021
    risk 0.45 | CVSS 6.7 | EPSS 0.22

    A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

  • CVE-2025-7371 (Medium) Jul 22, 2025
    risk 0.44 | CVSS 6.8 | EPSS 0.00

    Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during…

  • CVE-2023-0392 (Medium) Nov 8, 2023
    risk 0.44 | CVSS 6.7 | EPSS 0.00

    The Okta LDAP Agent Update service in versions prior to 5.18 used an unquoted path, which could allow arbitrary code execution.

  • CVE-2024-7061 (Medium) Aug 7, 2024
    risk 0.36 | CVSS 5.5 | EPSS 0.00

    Okta Verify for Windows is vulnerable to privilege escalation through DLL hijacking. The vulnerability is fixed in Okta Verify for Windows version 5.0.2. To remediate this vulnerability, upgrade to 5.0.2 or greater.

  • CVE-2022-1697 (Low) Sep 6, 2022
    risk 0.25 | CVSS 3.9 | EPSS 0.00

    Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the…

  • CVE-2022-3145 (Medium) Jan 12, 2023
    risk 0.24 | CVSS 4.7 | EPSS 0.00

    An open redirect vulnerability exists in Okta OIDC Middleware prior to version 5.0.0 allowing an attacker to redirect a user to an arbitrary URL.

  • CVE-2025-67505 (no severity listed) Dec 10, 2025
    risk 0.00 | CVSS not listed | EPSS 0.00

    Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to…

  • CVE-2025-66033 (no severity listed) Dec 10, 2025
    risk 0.00 | CVSS not listed | EPSS 0.00

    Okta Java Management SDK facilitates interactions with the Okta management API. In versions 21.0.0 through 24.0.0, specific multithreaded implementations may encounter memory issues as threads are not properly cleaned up after requests are completed. Over time, this can degrade…