Product:

Okta_sso

(Sysaid)
Repositories

Unknown:

This might be proprietary software.

#Vulnerabilities 1
Date Id Summary Products Score Patch Annotated
2022-06-24 CVE-2022-23170 SysAid - Okta SSO integration - was found vulnerable to XML External Entity Injection vulnerability. Any SysAid environment that uses the Okta SSO integration might be vulnerable. An unauthenticated attacker could exploit the XXE vulnerability by sending a malformed POST request to the identity provider endpoint. An attacker can extract the identity provider endpoint by decoding the SAMLRequest parameter's value and searching for the AssertionConsumerServiceURL parameter's value. It often... Okta_sso 9.8