Registration is now open for SASE Week 2023! Get on the guest list.
Protect against advanced and cloud-enabled threats and safeguard data across all vectors.
Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.
Confidently provide secure, high-performance access to every remote user, device, site, and cloud.
Netskope Borderless SD-WAN offers an architecture that converges zero trust principles and assured application performance to provide unprecedented secure, high-performance connectivity for every site, cloud, remote user, and IoT device.
NewEdge is the world’s largest, highest-performing security private cloud.
Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.
Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.
Plan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
Netskope partners with the strongest companies in enterprise technology.
The Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
Achieve agility and efficiency through digital transformation.
Meet the security challenges of today and tomorrow.
Embrace the regulatory frameworks shaping cybersecurity.
Netskope helps the largest agencies and enterprises in the world secure their journey to the cloud.
Learn more about how Netskope can help you secure your journey to the cloud.
Leveling Up the SASE Conversation
Robert Arandjelovic and Gerry Plaza sit down to chat with Max Havey about how embracing a SASE journey can help bring networking and security teams closer together.
Learn how Netskope enables security and networking transformation through security service edge (SSE).
How Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.
Stay ahead of the latest security trends and connect with your peers.
Join us for the fourth annual SASE Week, September 26-28.
Everything you need to know in our cybersecurity encyclopedia.
Explore the security side of SASE, the future of network and protection in the cloud.
Netskope serves more than 2,000 customers worldwide including more than 25 of the Fortune 100
We are here for you and with you every step of the way, ensuring your success with Netskope.
Learn from other network, data, and security professionals.
Netskope training will help you become a cloud security expert.
We help you stay ahead of cloud, data, and network security challenges.
Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.
Cloud transformation and work from anywhere have changed how security needs to work.
Netskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.
Our leadership team is fiercely committed to doing everything it takes to make our customers successful.
We partner with security leaders to help you secure your journey to the cloud.
Protect against advanced and cloud-enabled threats and safeguard data across all vectors.
Confidently provide secure, high-performance access to every remote user, device, site, and cloud.
Intelligent Security Service Edge (SSE), Cloud Access Security Broker (CASB), Cloud Firewall, Next Generation Secure Web Gateway (SWG), and Private Access for ZTNA built natively into a single solution to help every business on its journey to Secure Access Service Edge (SASE) architecture.
Go to Products OverviewNetskope Borderless SD-WAN offers an architecture that converges zero trust principles and assured application performance to provide unprecedented secure, high-performance connectivity for every site, cloud, remote user, and IoT device.
Read the articleNewEdge is the world’s largest, highest-performing security private cloud.
Unrivaled visibility and real-time data and threat protection on the world's largest security private cloud.
Netskope partners with the strongest companies in enterprise technology.
Netskope NewEdge is the world’s largest, highest-performing security private cloud and provides customers with unparalleled service coverage, performance and resilience.
Learn about NewEdgePlan your path toward a faster, more secure, and more resilient network designed for the applications and users that you support.
Get the white paperThe Netskope Cloud Exchange (CE) provides customers with powerful integration tools to leverage investments across their security posture.
Learn about Cloud ExchangeAchieve agility and efficiency through digital transformation.
Meet the security challenges of today and tomorrow.
Embrace the regulatory frameworks shaping cybersecurity.
Netskope helps the largest agencies and enterprises in the world secure their journey to the cloud.
Learn more about how Netskope can help you secure your journey to the cloud.
Learn how Netskope enables security and networking transformation through security service edge (SSE).
Stay ahead of the latest security trends and connect with your peers.
Everything you need to know in our cybersecurity encyclopedia.
Leveling Up the SASE Conversation
Robert Arandjelovic and Gerry Plaza sit down to chat with Max Havey about how embracing a SASE journey can help bring networking and security teams closer together.
How Netskope can enable the Zero Trust and SASE journey through security service edge (SSE) capabilities.
Read the blogJoin us for the fourth annual SASE Week, September 26-28.
Get on the guest listExplore the security side of SASE, the future of network and protection in the cloud.
Learn about Security Service EdgeNetskope serves more than 2,000 customers worldwide including more than 25 of the Fortune 100
We are here for you and with you every step of the way, ensuring your success with Netskope.
Learn from other network, data, and security professionals.
Netskope training will help you become a cloud security expert.
We help you stay ahead of cloud, data, and network security challenges.
Cloud transformation and work from anywhere have changed how security needs to work.
Our leadership team is fiercely committed to doing everything it takes to make our customers successful.
We partner with security leaders to help you secure your journey to the cloud.
Netskope is proud to participate in Vision 2045: an initiative aimed to raise awareness on private industry’s role in sustainability.
Find out moreNetskope recognized as a Leader in the 2023 Gartner® Magic Quadrant™ for Security Service Edge.
Get the reportSensitive information stored in logs for NSclient
Security Advisory ID: NSKPSA-2022-001
Severity Rating: High
First Communicated: Mar 21, 2022
Overall CVSS Score: 8.4
Version: 1.0
Description
Netskope client is impacted by a vulnerability where an authenticated, local attacker can view sensitive information stored in NSClient logs which should be restricted. The vulnerability exists because the sensitive information is not masked/scrubbed before writing in the logs. A malicious user can use the sensitive information to download data and impersonate another user.
CWE-532: Insertion of Sensitive Information into Log File
Affected Product(s) and Version(s)
Netskope Client vR91 and Prior
CVE-ID(s)
CVE-2021-44862
Remediation
Netskope has patched this vulnerability and released a new version. All customers
are recommended to upgrade their NSClients to the latest version. To download
latest version, please refer to download Instructions at Download Netskope Client and Scripts – Netskope Support.
Netskope reference
https://support.netskope.com/s/article/NSKPSA-2022-001-Netskope-Security-Advisory-Sensitive-information-in-audit-logs.
Workaround
There are no workarounds for this vulnerability other than upgrading to the latest version.
General Security Best Practices
Follow the secure tenant configurations to enhance the security of tenants which are listed at https://support.netskope.com/s/article/Secure-Tenant-Configuration.
Special Notes and Acknowledgement
Netskope credits Ben O’Dea and Josh Wilson from IAG Australia for reporting this vulnerability.
Exploitation and Public Disclosures
Netskope is not aware of any public exploitation or disclosures before this date.
Revision History
Version | Date | Section | Notes |
---|---|---|---|
1.0 | Mar 21, 2022 | Initial Disclosure |
Legal Disclaimer
To the maximum extent permitted by applicable law, information provided in this notice is provided “as is” without warranty of any kind. Your use of the information in this notice or materials linked herein are at your own risk. This notice and all aspects of the Netskope Product Security Incident Response Policy are subject to change without notice. Response is not guaranteed for any specific issue or class of issues. Your entitlements regarding warranties, support and maintenance, including vulnerabilities in any Netskope software or service, are governed solely by the applicable master agreement between Netskope and you. The statements in this notice do not modify, enlarge or otherwise amend any of your rights under the applicable master agreement, or create any additional warranties or commitments.
We'd love to hear from you!