Vulnerabilities > Zscaler > Client Connector
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
| 2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |
| 2021-07-15 | CVE-2020-11632 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.2 |
| 2021-07-15 | CVE-2020-11634 | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. | 6.9 |
| 2021-07-15 | CVE-2020-11633 | Out-of-bounds Write vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. | 10.0 |
| 2021-02-16 | CVE-2020-11635 | Improper Privilege Management vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | 7.2 |