Vulnerabilities > Zscaler > Client Connector > 3.5

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-28802 Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.
network
low complexity
zscaler CWE-354
5.4
5.4
2023-10-23 CVE-2021-26735 Unquoted Search Path or Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability.
local
low complexity
zscaler CWE-428
7.8
7.8
2023-10-23 CVE-2021-26736 Path Traversal vulnerability in Zscaler Client Connector
Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path.
local
low complexity
zscaler CWE-22
7.8
7.8
2023-10-23 CVE-2023-28797 Link Following vulnerability in Zscaler Client Connector
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk.
local
low complexity
zscaler CWE-59
7.3
7.3
2023-10-23 CVE-2023-28803 Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.
low complexity
zscaler CWE-290
6.5
6.5
2023-06-22 CVE-2023-28799 Open Redirect vulnerability in Zscaler Client Connector
A URL parameter during login flow was vulnerable to injection.
network
low complexity
zscaler CWE-601
6.1
6.1
2023-06-22 CVE-2023-28800 Cross-site Scripting vulnerability in Zscaler Client Connector
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
network
low complexity
zscaler CWE-79
6.1
6.1