





























The LDAP Agent Update service used an unquoted path, which could allow arbitrary code execution.
Okta’s LDAP Agent customers that have currently installed or previously had installed versions prior to 5.18 of the Okta LDAP Agent.
The vulnerability is fixed in Okta LDAP Agent version 5.18. To remediate this vulnerability, upgrade to 5.18 or greater.
The LDAP Agent Update service makes use of an unquoted path. A user with sufficiently high privileges, normally an administrator, could place an arbitrary executable into a portion of the path, which would cause it to be run the next time the agent starts.
CVE ID | |
Published Date | 2023-09-19 |
Vulnerability Type | Unquoted Search Path or Element |
CWE | CWE-428 |
CVSS v3 | Score:3.9 Vector string:CVSS:3.1/AV:L/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:L |
此内容由惯性聚合(RSS阅读器)自动聚合整理,仅供阅读参考。 原文来自 — 版权归原作者所有。