CVE-2023-0093

HIGH Year: 2023
CVSS v3 Score
8.8
High
Weakness Type
CWE-77
View all →

Vulnerability Description

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

Related Vulnerabilities

CVE-2009-5157

HIGH
CVSS:8.8(High)

On Linksys WAG54G2 1.00.10 devices, there is authenticated command injection via shell metacharacters in the setup.cgi c4_ping_ipaddr variable.

CWE-772009

CVE-2013-2516

HIGH
CVSS:8.8(High)

Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.

CWE-772013

CVE-2014-6633

HIGH
CVSS:8.8(High)

The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary c...

CWE-772014

CVE-2014-8903

HIGH
CVSS:8.8(High)

IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5iFix10 and 6.0.5 before 6.0.5.6 allows remote authenticated users to load arbitrary Java classes via unspecified vectors.

CWE-772014

CVE-2014-9118

HIGH
CVSS:8.8(High)

The web administrative portal in Zhone zNID GPON 2426A before S3.0.501 allows remote attackers to execute arbitrary commands via shell metacharacters in the ipAddr parameter to zhnping.cmd.

CWE-772014

CVE-2015-1877

HIGH
CVSS:8.8(High)

The open_generic_xdg_mime function in xdg-open in xdg-utils 1.1.0 rc1 in Debian, when using dash, does not properly handle local variables, which allows remote attackers to execute arbitrary commands ...

CWE-772015