Vulnerabilities > Zscaler > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-08-06 | CVE-2023-28806 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. | 6.5 |
| 2024-08-06 | CVE-2024-23464 | Unspecified vulnerability in Zscaler Client Connector In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. | 4.9 |
| 2023-11-21 | CVE-2023-28802 | Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. | 5.4 |
| 2023-11-06 | CVE-2023-28794 | Origin Validation Error vulnerability in Zscaler Client Connector 1.3/1.3.0.31/1.3.1 Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Privilege Abuse. | 6.5 |
| 2023-10-23 | CVE-2021-26734 | Unspecified vulnerability in Zscaler Client Connector Zscaler Client Connector Installer on Windows before version 3.4.0.124 improperly handled directory junctions during uninstallation. | 5.5 |
| 2023-10-23 | CVE-2021-26737 | Origin Validation Error vulnerability in Zscaler Client Connector The Zscaler Client Connector for macOS prior to 3.6 did not sufficiently validate RPC clients. | 4.7 |
| 2023-10-23 | CVE-2023-28803 | Authentication Bypass by Spoofing vulnerability in Zscaler Client Connector An authentication bypass by spoofing of a device with a synthetic IP address is possible in Zscaler Client Connector on Windows, allowing a functionality bypass. | 6.5 |
| 2023-10-23 | CVE-2023-28804 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries.This issue affects Linux Client Connector: before 1.4.0.105 | 5.3 |
| 2023-08-31 | CVE-2023-41717 | Files or Directories Accessible to External Parties vulnerability in Zscaler Proxy Inappropriate file type control in Zscaler Proxy versions 3.6.1.25 and prior allows local attackers to bypass file download/upload restrictions. | 5.5 |
| 2023-06-22 | CVE-2023-28799 | Open Redirect vulnerability in Zscaler Client Connector A URL parameter during login flow was vulnerable to injection. | 6.1 |