Vulnerabilities > Zscaler > Client Connector > 3.6.1.23
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |
2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
2023-10-23 | CVE-2023-28803 | Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. | 6.5 |
2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |