Vulnerabilities > Zscaler > Medium

DATE CVE VULNERABILITY TITLE RISK
2023-11-21 CVE-2023-28802 Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector
An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics.
network
low complexity
zscaler CWE-354
5.4
2023-11-06 CVE-2023-28794 Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1
Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse.
network
low complexity
zscaler CWE-346
6.5
2023-10-23 CVE-2021-26734 Unspecified vulnerability in Zscaler Client Connector
Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation.
local
low complexity
zscaler
5.5
2023-10-23 CVE-2021-26737 Origin Validation Error vulnerability in Zscaler Client Connector
The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients.
local
high complexity
zscaler CWE-346
4.7
2023-10-23 CVE-2023-28803 Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector
An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass.
low complexity
zscaler CWE-290
6.5
2023-10-23 CVE-2023-28804 Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector
An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Client Connector: before 1.4.0.105.
network
low complexity
zscaler CWE-347
5.3
2023-08-31 CVE-2023-41717 Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy
Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions.
local
low complexity
zscaler CWE-552
5.5
2023-06-22 CVE-2023-28799 Open Redirect vulnerability in Zscaler Client Connector
A URL parameter during login flow was vulnerable to injection.
network
low complexity
zscaler CWE-601
6.1
2023-06-22 CVE-2023-28800 Cross-site Scripting vulnerability in Zscaler Client Connector
When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing for an XSS attack providing admin login.
network
low complexity
zscaler CWE-79
6.1
2021-07-15 CVE-2020-11634 Uncontrolled Search Path Element vulnerability in Zscaler Client Connector
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused by the configuration of OpenSSL.
6.9