    2 vulnerabilities found for Okta On-Premises Provisioning Agent by Okta

    CVE-2025-7371 (GCVE-0-2025-7371)

    Vulnerability from nvd – Published: 2025-07-22 15:49 – Updated: 2025-07-22 19:21
    Summary
    Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none; Automatable: no; Technical Impact: partial
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Impacted products
    Vendor: Okta
    Product: Okta On-Premises Provisioning Agent
    Version: Affected: 2.2.1, < 2.3.1 (semver)
    Date Public
    2025-07-22 15:45

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2025-7371",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-07-22T19:20:52.253359Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-07-22T19:21:01.131Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "Okta On-Premises Provisioning Agent",
              "vendor": "Okta",
              "versions": [
                {
                  "lessThan": "2.3.1",
                  "status": "affected",
                  "version": "2.2.1",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "datePublic": "2025-07-22T15:45:00.000Z",
          "descriptions": [
            {
              "lang": "en",
              "value": "Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions \u003e=2.2.1 and \u003c= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "NONE",
                "baseScore": 6.8,
                "baseSeverity": "MEDIUM",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "NONE",
                "privilegesRequired": "HIGH",
                "scope": "CHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
                "version": "3.1"
              },
              "format": "CVSS",
              "scenarios": [
                {
                  "lang": "en",
                  "value": "GENERAL"
                }
              ]
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-532",
                  "description": "CWE-532 Insertion of Sensitive Information into Log File",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-07-22T15:54:09.005Z",
            "orgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
            "shortName": "Okta"
          },
          "references": [
            {
              "tags": [
                "patch"
              ],
              "url": "https://help.okta.com/oie/en-us/content/topics/settings/version_histories/ver_history_opp_agent.htm"
            }
          ],
          "solutions": [
            {
              "lang": "en",
              "value": "Upgrade the OPP agent to version 2.3.1 or higher."
            }
          ]
        }
      },
      "cveMetadata": {
        "assignerOrgId": "59b22baa-87b2-4371-8e4a-e080df12f74a",
        "assignerShortName": "Okta",
        "cveId": "CVE-2025-7371",
        "datePublished": "2025-07-22T15:49:06.579Z",
        "dateReserved": "2025-07-08T21:45:15.341Z",
        "dateUpdated": "2025-07-22T19:21:01.131Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2025-7371 (GCVE-0-2025-7371)

    Vulnerability from cvelistv5 – Published: 2025-07-22 15:49 – Updated: 2025-07-22 19:21
    Summary
    Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.
    SSVC (CISA Coordinator, v2.0.3)
    Exploitation: none; Automatable: no; Technical Impact: partial
    CWE
    • CWE-532 - Insertion of Sensitive Information into Log File
    Impacted products
    Vendor: Okta
    Product: Okta On-Premises Provisioning Agent
    Version: Affected: 2.2.1, < 2.3.1 (semver)
    Date Public
    2025-07-22 15:45