Vulnerabilities (CVE)


Filtered by vendor Netskope
Filtered by product Netskope
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-44862 1 Netskope 1 Netskope 2022-11-04 N/A 7.8 HIGH
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before being written to the logs. A malicious user can use the sensitive information to download data and impersonate another user.
CVE-2021-41388 2 Apple, Netskope 2 Macos, Netskope 2022-01-13 7.2 HIGH 7.8 HIGH
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. The XPC implementation of the nsAuxiliarySvc process does not perform validation on new connections before accepting them. Thus any low-privileged user can connect and call external methods defined in the XPC service as root, elevating their privilege to the highest level.
CVE-2019-10882 1 Netskope 1 Netskope 2021-09-14 7.2 HIGH 7.8 HIGH
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a stack-based buffer overflow in the "doHandshakefromServer" function. Local users can use this vulnerability to trigger a crash of the service and potentially cause additional impact on the system.
CVE-2020-24576 1 Netskope 1 Netskope 2021-08-20 9.0 HIGH 8.8 HIGH
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
CVE-2020-28845 1 Netskope 1 Netskope 2020-12-02 9.3 HIGH 7.8 HIGH
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system.
CVE-2019-12091 1 Netskope 1 Netskope 2019-10-09 7.2 HIGH 7.8 HIGH
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. The connection handling function in this service suffers from a command injection vulnerability. Local users can use this vulnerability to execute code with NT\SYSTEM privilege.