Vulnerabilities > Zscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. | 7.8 |
| 2023-10-23 | CVE-2023-28797 | Link Following vulnerability in Zscaler Client Connector Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk. | 7.3 |
| 2023-10-23 | CVE-2023-28803 | Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. | 6.5 |
| 2023-10-23 | CVE-2023-28804 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 |
| 2023-10-23 | CVE-2023-28805 | Unspecified vulnerability in Zscaler Client Connector An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. | 9.8 |
| 2023-08-31 | CVE-2023-41717 | Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | 5.5 |
| 2023-08-31 | CVE-2023-28801 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Internet Access Admin Portal An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r. | 9.8 |
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
| 2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |
| 2021-07-15 | CVE-2020-11632 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.2 |