A command injection vulnerability in the cookieDomain and relayDomain parameters of Okta Access Gateway in version 2020.8.4 and earlier allows attackers with admin access to the Okta Access Gateway UI to execute OS commands as a privileged system account.
