Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-0093

Okta Advanced Server Access Client versions 1.13.1 through 1.65.0 are vulnerable to command injection due to the third party library webbrowser. An outdated library, webbrowser, used by the ASA client was found to be vulnerable to command injection. To exploit this issue, an attacker would need to phish the user to enter an attacker controlled server URL during enrollment.

Published

2023-03-06T21:15:10.933

Last Modified

2025-03-06T20:15:37.947

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 8.8 (HIGH)

Weaknesses

Type: Primary
CWE-77
Type: Secondary
CWE-77

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	okta	advanced_server_access	< 1.68.2	Yes

References

https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/ Vendor Advisory ([email protected])
https://trust.okta.com/security-advisories/okta-advanced-server-access-client-cve-2023-0093/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)