CVE-2021-28113

medium

Description

A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway before 2020.9.3 allows attackers (with admin access to the Okta Access Gateway UI) to execute OS commands as a privileged system account.

References

https://www.okta.com/security-advisories/cve-2021-28113

http://packetstormsecurity.com/files/163428/Okta-Access-Gateway-2020.5.5-Authenticated-Remote-Root.html

Details

Source: Mitre, NVD

Published: 2021-04-02

Updated: 2026-06-17

Risk Information

CVSS v2

Base Score: 8.7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:P

Severity: High

CVSS v3

Base Score: 6.7

Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L

Severity: Medium

EPSS

EPSS: 0.22326