Vulnerabilities > Netskope

DATE CVE VULNERABILITY TITLE RISK
2024-08-26 CVE-2024-7401 Improper Authentication vulnerability in Netskope
Netskope was notified about a security gap in Netskope Client enrollment process where NSClient is using a static token “Orgkey” as authentication parameter.
network
low complexity
netskope CWE-287
7.5
2023-11-06 CVE-2023-4996 Improper Preservation of Permissions vulnerability in Netskope
Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package.
network
low complexity
netskope CWE-281
8.8
2023-06-15 CVE-2022-4149 Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Netskope
The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM which writes log files to a writable directory (C:\Users\Public\netSkope) for a standard user.
local
high complexity
netskope CWE-367
7.0
2023-06-15 CVE-2023-2270 Path Traversal vulnerability in Netskope
The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands.
local
low complexity
netskope CWE-22
7.8
2022-11-03 CVE-2021-44862 Information Exposure Through Log Files vulnerability in Netskope
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted.
local
low complexity
netskope CWE-532
7.8
2022-01-04 CVE-2021-41388 Improper Privilege Management vulnerability in Netskope
Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability.
local
low complexity
netskope CWE-269
7.8
2021-08-12 CVE-2020-24576 Improper Privilege Management vulnerability in Netskope
Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM.
network
low complexity
netskope CWE-269
8.8
2020-11-20 CVE-2020-28845 Improper Neutralization of Formula Elements in a CSV File vulnerability in Netskope 75.0
A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.
local
low complexity
netskope CWE-1236
7.8
2019-09-26 CVE-2019-12091 OS Command Injection vulnerability in Netskope 57/60
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost.
local
low complexity
netskope CWE-78
7.8
2019-09-26 CVE-2019-10882 Out-of-bounds Write vulnerability in Netskope 57/60
The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost.
local
low complexity
netskope CWE-787
7.8