Vulnerabilities > Zscaler
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-23 | CVE-2023-28805 | Unspecified vulnerability in Zscaler Client Connector An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. | 9.8 |
| 2023-08-31 | CVE-2023-41717 | Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | 5.5 |
| 2023-08-31 | CVE-2023-28801 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Internet Access Admin Portal An Improper Verification of Cryptographic Signature in the SAML authentication of the Zscaler Admin UI allows a Privilege Escalation.This issue affects Admin UI: from 6.2 before 6.2r. | 9.8 |
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |
| 2023-06-22 | CVE-2023-28800 | Cross-site Scripting vulnerability in Zscaler Client Connector When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 6.1 |
| 2021-07-15 | CVE-2020-11632 | Unquoted Search Path or Element vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | 7.2 |
| 2021-07-15 | CVE-2020-11634 | Uncontrolled Search Path Element vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. | 6.9 |
| 2021-07-15 | CVE-2020-11633 | Out-of-bounds Write vulnerability in Zscaler Client Connector The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. | 10.0 |
| 2021-02-16 | CVE-2020-11635 | Improper Privilege Management vulnerability in Zscaler Client Connector The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | 7.2 |