CVE Vulnerability

CVE-2021-44862

Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.

7.8 /10

CVSS v3.0 : HIGH

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 5.9

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://www.netskope.com/company/security-compliance-and-assurance/security-advisories-and-disclosures/netskope-security-advisory-nskpsa-2022-001 Vendor Advisory
Configurations

Configuration 1

cpe:2.3:a:netskope:netskope:*:*:*:*:*:*:*:*
Information

Published : 2022-11-03 08:15

Updated : 2022-11-04 01:28

NVD link : CVE-2021-44862

Mitre link : CVE-2021-44862

Products Affected
No products.
CWE
CWE-532

Insertion of Sensitive Information into Log File