Sensitive Information store in NSClient logs
CVE-2021-44862

8.4HIGH

Key Information:

Vendor: Netskope
Status: Nsclient
Vendor: CVE Published:; 3 November 2022

What is CVE-2021-44862?

Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

NSClient 91.0 and Prior

References

https://www.netskope.com/company/security-compliance-and-...

CVSS V3.1

Score:

8.4

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Nov 3, 2022
Vulnerability Reserved
Dec 13, 2021

Credit

Netskope credits Ben O’Dea and Josh Wilson from IAG Australia for reporting this vulnerability.

JSON

Netskope

What is CVE-2021-44862?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

Affected Version(s)

References

CVSS V3.1

Timeline

Credit

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.