← back
CVE-2022-0021

GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon

CVSS 3.3 LOWEPSS 0.2%CWE-532
An information exposure through log file vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows that logs the cleartext credentials of the connecting GlobalProtect user when authenticating using Connect Before Logon feature. This issue impacts GlobalProtect App 5.2 versions earlier than 5.2.9 on Windows. This issue does not affect the GlobalProtect app on other platforms.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Affected products
Palo Alto Networks · GlobalProtect App

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://security.paloaltonetworks.com/CVE-2022-0021