Vulnerabilities > Zscaler > Client Connector
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |
2021-07-15 | CVE-2020-11632 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.8 |
2021-07-15 | CVE-2020-11634 | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81 The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. | 7.8 |
2021-07-15 | CVE-2020-11633 | Out-of-bounds Write vulnerability in Zscaler Client Connector 2.1/2.1.2 The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. | 9.8 |
2021-02-16 | CVE-2020-11635 | Unspecified vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | 7.8 |