Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-1697

Okta Active Directory Agent versions 3.8.0 through 3.11.0 installed the Okta AD Agent Update Service using an unquoted path. Note: To remediate this vulnerability, you must uninstall Okta Active Directory Agent and reinstall Okta Active Directory Agent 3.12.0 or greater per the documentation.

Published

2022-09-06T18:15:10.493

Last Modified

2024-11-21T06:41:16.253

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.9 (LOW)

Weaknesses

Type: Primary
CWE-428

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	okta	active_directory_agent	3.8.0	Yes
Application	okta	active_directory_agent	3.9.0	Yes
Application	okta	active_directory_agent	3.10.0	Yes
Application	okta	active_directory_agent	3.11.0	Yes

References

https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm Vendor Advisory ([email protected])
https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ Mitigation, Vendor Advisory ([email protected])
https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697 Vendor Advisory ([email protected])
https://help.okta.com/en-us/Content/Topics/Directory/ad-agent-update.htm Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://support.okta.com/help/s/article/Security-Notice-CVE-2022-1697-FAQ Mitigation, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://trust.okta.com/security-advisories/okta-active-directory-agent-cve-2022-1697 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)