CVE-2020-28845

Type: 

Unavailable / Other

Severity: 

High

Publication date: 

11/20/2020

Last modified: 

12/02/2020

Description

A CSV injection vulnerability in the Admin portal for Netskope 75.0 allows an unauthenticated user to inject malicious payload in admin's portal thus leads to compromise admin's system.

Impact

Access Vector: Through network

Access Complexity: Media

Authentication: Not required to exploit

Impact Type: Total commitment on system integrity + Total commitment on system confidentiality + Total commitment on system availability

Vulnerable software and versions

• cpe:2.3:a:netskope:netskope:75.0:*:*:*:*:*:*:*

To consult the complete list of products and versions see this page

References to Advisories, Solutions, and Tools

• http://the-it-wonders.blogspot.com/2020/11/netskope-csv-injection-in-admin-ui.html (Source: MISC)

Explanation of fields