Vulnerabilities > Zscaler > Client Connector > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2024-23456 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector Anti-tampering can be disabled under certain conditions without signature validation. | 7.5 |
| 2024-08-06 | CVE-2024-23458 | Origin Validation Error vulnerability in Zscaler Client Connector While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privilege escalation. | 7.8 |
| 2024-08-06 | CVE-2024-23460 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. | 7.8 |
| 2023-10-23 | CVE-2021-26735 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector Installer and Unsintallers for Windows prior to 3.6 had an unquoted search path vulnerability. | 7.8 |
| 2023-10-23 | CVE-2021-26736 | Path Traversal vulnerability in Zscaler Client Connector Multiple vulnerabilities in the Zscaler Client Connector Installer and Uninstaller for Windows prior to 3.6 allowed execution of binaries from a low privileged path. | 7.8 |
| 2023-10-23 | CVE-2021-26738 | Untrusted Search Path vulnerability in Zscaler Client Connector Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. | 7.8 |
| 2023-10-23 | CVE-2023-28793 | Out-of-bounds Write vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28795 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. | 7.8 |
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |