Vulnerabilities > Zscaler

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-28805 Unspecified vulnerability in Zscaler Client Connector
An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation.
network
low complexity
zscaler
critical
9.8
2023-08-31 CVE-2023-41717 Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy 3.6.1.25
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
local
low complexity
zscaler CWE-552
5.5
2023-08-31 CVE-2023-28801 Improper Verification of Cryptographic Signature vulnerability in Zscaler Internet Access Admin Portal 6.2
An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r.
network
low complexity
zscaler CWE-347
critical
9.8
2023-06-22 CVE-2023-28799 Open Redirect vulnerability in Zscaler Client Connector
A URL parameter during login flow was vulnerable to injection.
network
low complexity
zscaler CWE-601
6.1
2023-06-22 CVE-2023-28800 Cross-site Scripting vulnerability in Zscaler Client Connector
When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login.
network
low complexity
zscaler CWE-79
6.1
2021-07-15 CVE-2020-11632 Unquoted Search Path or Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
local
low complexity
zscaler CWE-428
7.8
2021-07-15 CVE-2020-11634 Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL.
local
low complexity
zscaler CWE-427
7.8
2021-07-15 CVE-2020-11633 Out-of-bounds Write vulnerability in Zscaler Client Connector 2.1/2.1.2
The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers.
network
low complexity
zscaler CWE-787
critical
9.8
2021-02-16 CVE-2020-11635 Unspecified vulnerability in Zscaler Client Connector
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
local
low complexity
zscaler
7.8