Vulnerabilities > Zscaler > Client Connector

| Date | CVE | Vulnerability title | Description | Attack vector | Complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector | A URL parameter during the login flow was vulnerable to injection. | network | low | zscaler | CWE-601 | 6.1 |
| 2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector | When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing for an XSS attack providing admin login. | network | low | zscaler | CWE-79 | 6.1 |
| 2021-07-15 | CVE-2020-11632 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | local | low | zscaler | CWE-428 | 7.8 |
| 2021-07-15 | CVE-2020-11634 | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused by the configuration of OpenSSL. | local | low | zscaler | CWE-427 | 7.8 |
| 2021-07-15 | CVE-2020-11633 | Out-of-bounds Write vulnerability in Zscaler Client Connector 2.1/2.1.2 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack-based buffer overflow when connecting to misconfigured TLS servers. | network | low | zscaler | CWE-787 | 9.8 (critical) |
| 2021-02-16 | CVE-2020-11635 | Unspecified vulnerability in Zscaler Client Connector | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | local | low | zscaler | | 7.8 |