CVE-2022-0018— GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2022-0018
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
GlobalProtect App: Information Exposure Vulnerability When Connecting to GlobalProtect Portal With Single Sign-On Enabled
Source: NVD (National Vulnerability Database)
Vulnerability Description
An information exposure vulnerability exists in the Palo Alto Networks GlobalProtect app on Windows and MacOS where the credentials of the local user account are sent to the GlobalProtect portal when the Single Sign-On feature is enabled in the GlobalProtect portal configuration. This product behavior is intentional and poses no security risk when connecting to trusted GlobalProtect portals configured to use the same Single Sign-On credentials both for the local user account as well as the GlobalProtect login. However when the credentials are different, the local account credentials are inadvertently sent to the GlobalProtect portal for authentication. A third party MITM type of attacker cannot see these credentials in transit. This vulnerability is a concern where the GlobalProtect app is deployed on Bring-your-Own-Device (BYOD) type of clients with private local user accounts or GlobalProtect app is used to connect to different organizations. Fixed versions of GlobalProtect app have an app setting to prevent the transmission of the user's local user credentials to the target GlobalProtect portal regardless of the portal configuration. This issue impacts: GlobalProtect app 5.1 versions earlier than GlobalProtect app 5.1.10 on Windows and MacOS; GlobalProtect app 5.2 versions earlier than GlobalProtect app 5.2.9 on Windows and MacOS This issue does not affect GlobalProtect app on other platforms.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过发送数据的信息暴露
Source: NVD (National Vulnerability Database)
Vulnerability Title
GlobalProtect 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Palo Alto Networks GlobalProtect是美国Palo Alto Networks公司的一套网络防护软件。该软件可提供防火墙监控及威胁预防等功能。 Palo Alto Networks GlobalProtect应用程序在Windows和MacOS上存在信息泄露漏洞,当GlobalProtect portal 配置中启用单点登录功能时,本地用户帐户的凭据将被发送到GlobalProtect portal。以下产品及版本受到影响:在Windows and MacOS上的GlobalP
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Palo Alto Networks | GlobalProtect App | 5.2 ~ 5.2.9 | - | |
| Palo Alto Networks | GlobalProtect App | 5.3.* | - |
II. Public POCs for CVE-2022-0018
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2022-0018
请登录查看更多情报信息。
- https://security.paloaltonetworks.com/CVE-2022-0018x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2022-0018
Same Patch Batch · Palo Alto Networks · 2022-02-10 · 7 CVEs total
| CVE-2022-0016 | 7.4 HIGH | GlobalProtect App: Privilege Escalation Vulnerability When Using Connect Before Logon |
| CVE-2022-0017 | 7.0 HIGH | GlobalProtect App: Improper Link Resolution Vulnerability Leads to Local Privilege Escalat |
| CVE-2022-0020 | 6.8 MEDIUM | Cortex XSOAR: Stored Cross-Site Scripting (XSS) Vulnerability in Web Interface |
| CVE-2022-0011 | 6.5 MEDIUM | PAN-OS: URL Category Exceptions Match More URLs Than Intended in URL Filtering |
| CVE-2022-0019 | 4.7 MEDIUM | GlobalProtect App: Insufficiently Protected Credentials Vulnerability on Linux |
| CVE-2022-0021 | 3.3 LOW | GlobalProtect App: Information Exposure Vulnerability When Using Connect Before Logon |
IV. Related Vulnerabilities
Same product: GlobalProtect App
- CVE-2025-2183
GlobalProtect App: Improper Certificate Validation Leads to - CVE-2025-2179
GlobalProtect App: Non Admin User Can Disable the GlobalProt - CVE-2025-0141
GlobalProtect App: Privilege Escalation (PE) Vulnerability - CVE-2025-0140
GlobalProtect App: Non Admin User Can Disable the GlobalProt - CVE-2025-4227
GlobalProtect App: Interception in Endpoint Traffic Policy E
Same vendor: Palo Alto Networks
- CVE-2026-0300
PAN-OS: Unauthenticated user initiated Buffer Overflow Vulne - CVE-2026-0232
Cortex XDR Agent: Local Administrator can disable the agent - CVE-2026-0233
Autonomous Digital Experience Manager: Improper validation o - CVE-2026-0234
Cortex XSOAR: Improper Verification of Cryptographic Signatu - CVE-2026-0231
Cortex XDR Broker VM: Sensitive Information Disclosure Vulne
Same weakness: CWE-201
- CVE-2025-31978
HCL BigFix Service Management (SM) does not adequately sanit - CVE-2026-42379
WordPress Templately plugin <= 3.6.1 - Sensitive Data Exposu - CVE-2026-5512
Improper authorization vulnerability in GitHub Enterprise Se - CVE-2026-40161
Tekton Pipelines: Git resolver API mode leaks system-configu - CVE-2026-4525
Vault Token Leaked to Backends via Authorization: Bearer Pas
V. Comments for CVE-2022-0018
No comments yet