Vulnerabilities > Zscaler > Client Connector > 4.1.0.85
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2023-28806 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. | 6.5 |
| 2024-08-06 | CVE-2024-23456 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector Anti-tampering can be disabled under certain conditions without signature validation. | 7.5 |
| 2024-08-06 | CVE-2024-23458 | Origin Validation Error vulnerability in Zscaler Client Connector While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. | 7.8 |
| 2024-08-06 | CVE-2024-23464 | Unspecified vulnerability in Zscaler Client Connector In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. | 4.9 |
| 2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |