Vulnerabilities > Zscaler > High

DATE CVE VULNERABILITY TITLE RISK
2023-10-23 CVE-2023-28797 Link Following vulnerability in Zscaler Client Connector
Zscaler Client Connector for Windows before 4.1 writes/deletes a configuration file inside specific folders on the disk.
local
low complexity
zscaler CWE-59
7.3
2021-07-15 CVE-2020-11632 Unquoted Search Path or Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
local
low complexity
zscaler CWE-428
7.8
2021-07-15 CVE-2020-11634 Uncontrolled Search Path Element vulnerability in Zscaler Client Connector 2.1/2.1.2/2.1.2.81
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL.
local
low complexity
zscaler CWE-427
7.8
2021-02-16 CVE-2020-11635 Unspecified vulnerability in Zscaler Client Connector
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
local
low complexity
zscaler
7.8