Vulnerabilities > Netskope > High
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-26 | CVE-2024-7401 | Improper Authentication vulnerability in Netskope. Netskope was notified about a security gap in the Netskope Client enrollment process where NSClient is using a static token “Orgkey” as an authentication parameter. | 7.5 |
2023-11-06 | CVE-2023-4996 | Improper Preservation of Permissions vulnerability in Netskope. Netskope was made aware of a security vulnerability in its NSClient product for version 100 & prior where a malicious non-admin user can disable the Netskope client by using a specially-crafted package. | 8.8 |
2023-06-15 | CVE-2022-4149 | Time-of-check Time-of-use (TOCTOU) Race Condition vulnerability in Netskope. The Netskope client service (prior to R96) on Windows runs as NT AUTHORITY\SYSTEM and writes log files to a directory (C:\Users\Public\netSkope) that is writable by a standard user. | 7.0 |
2023-06-15 | CVE-2023-2270 | Path Traversal vulnerability in Netskope. The Netskope client service running with NT\SYSTEM privileges accepts network connections from localhost to start various services and execute commands. | 7.8 |
2022-11-03 | CVE-2021-44862 | Information Exposure Through Log Files vulnerability in Netskope. Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. | 7.8 |
2022-01-04 | CVE-2021-41388 | Improper Privilege Management vulnerability in Netskope. Netskope client prior to 89.x on macOS is impacted by a local privilege escalation vulnerability. | 7.8 |
2021-08-12 | CVE-2020-24576 | Improper Privilege Management vulnerability in Netskope. Netskope Client through 77 allows low-privileged users to elevate their privileges to NT AUTHORITY\SYSTEM. | 8.8 |
2020-11-20 | CVE-2020-28845 | Improper Neutralization of Formula Elements in a CSV File vulnerability in Netskope 75.0. A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject a malicious payload into the admin's portal, leading to compromise of the admin's system. | 7.8 |
2019-09-26 | CVE-2019-12091 | OS Command Injection vulnerability in Netskope 57/60. The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. | 7.8 |
2019-09-26 | CVE-2019-10882 | Out-of-bounds Write vulnerability in Netskope 57/60. The Netskope client service, v57 before 57.2.0.219 and v60 before 60.2.0.214, running with NT\SYSTEM privilege, accepts network connections from localhost. | 7.8 |