FKIE_CVE-2025-7371

Vulnerability from fkie_nvd - Published: 2025-07-22 16:15 - Updated: 2025-07-25 15:29
Severity ?
6.8 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Summary
Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions >=2.2.1 and <= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions.
References
psirt@okta.comhttps://help.okta.com/oie/en-us/content/topics/settings/version_histories/ver_history_opp_agent.htm
Impacted products
Vendor Product Version
To clipboard 

{
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Okta On-Premises Provisioning (OPP) agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You are affected by this vulnerability if the following preconditions are met: Local server running OPP agent with versions \u003e=2.2.1 and \u003c= 2.3.0, and User account has had an administrator-initiated password reset while using the affected versions."
    },
    {
      "lang": "es",
      "value": "Los agentes de Okta On-Premises Provisioning (OPP) registran ciertos datos de usuario durante los restablecimientos de contrase\u00f1a iniciados por el administrador. Esta vulnerabilidad permite a un atacante con acceso a los servidores locales que ejecutan agentes OPP recuperar informaci\u00f3n personal del usuario y contrase\u00f1as temporales creadas durante el restablecimiento de contrase\u00f1a. Esta vulnerabilidad afecta a los usuarios si se cumplen las siguientes condiciones: el servidor local ejecuta el agente OPP con versiones anteriores a la 2.2.1 y anteriores a la 2.3.0, y la cuenta de usuario ha sido restablecida por el administrador mientras utilizaba las versiones afectadas."
    }
  ],
  "id": "CVE-2025-7371",
  "lastModified": "2025-07-25T15:29:44.523",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.8,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "HIGH",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 4.0,
        "source": "psirt@okta.com",
        "type": "Secondary"
      }
    ]
  },
  "published": "2025-07-22T16:15:34.890",
  "references": [
    {
      "source": "psirt@okta.com",
      "url": "https://help.okta.com/oie/en-us/content/topics/settings/version_histories/ver_history_opp_agent.htm"
    }
  ],
  "sourceIdentifier": "psirt@okta.com",
  "vulnStatus": "Awaiting Analysis",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-532"
        }
      ],
      "source": "psirt@okta.com",
      "type": "Secondary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.