CVE-2023-0093: 
ScaleFT vulnerability analysis and mitigation

Okta Advanced Server Access Client versions 1.13.1 through 1.68.1 were identified as vulnerable to command injection due to a security flaw in the third-party library webbrowser. The vulnerability was discovered and disclosed on February 22, 2023, and was assigned identifier CVE-2023-0093 (Okta Advisory).

The vulnerability is classified as an OS Command Injection (CWE-78) with a CVSS v3 score of 7.5 (Vector: AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H). The security flaw exists in the webbrowser library utilized by the ASA client, which was found to be outdated and susceptible to command injection attacks (Okta Advisory).

If successfully exploited, this vulnerability could allow attackers to execute arbitrary commands on the affected system. The high CVSS score of 7.5 indicates significant potential impact on system confidentiality, integrity, and availability (Okta Advisory).

Okta has released version 1.68.2 of the Advanced Server Access Client to address this vulnerability. Users are advised to upgrade to version 1.68.2 or greater to remediate the security risk (Okta Advisory).

The vulnerability was responsibly disclosed with acknowledgment to Tao Sauvage from Anvil Secure for assistance in identifying the security flaw (Okta Advisory).