Zscaler Client Connector

36 CVEs affecting Zscaler Client Connector. Latest disclosed: 2025-06-04. Critical: 0, High: 20.

Top CVEs affecting Zscaler Client Connector
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2024-23463 | High | 8.8 | 2024-04-30 | Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zsca… |
| CVE-2023-28804 | High | 8.2 | 2023-10-23 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Clien… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2023-28800 | High | 8.1 | 2023-06-22 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. |
| CVE-2024-23456 | High | 7.8 | 2024-08-06 | Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enab… |
| CVE-2024-23457 | High | 7.8 | 2024-05-01 | The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects… |
| CVE-2023-28795 | High | 7.8 | 2023-10-23 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Conn… |
| CVE-2023-28793 | High | 7.8 | 2023-10-23 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connect… |
| CVE-2021-26738 | High | 7.8 | 2023-10-23 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code… |
| CVE-2024-23480 | High | 7.5 | 2024-05-01 | A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. |
| CVE-2024-31127 | High | 7.3 | 2025-06-04 | An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. |
| CVE-2024-23458 | High | 7.3 | 2024-08-06 | While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privile… |
| CVE-2023-41973 | High | 7.3 | 2024-03-26 | ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the… |
| CVE-2023-41972 | High | 7.3 | 2024-03-26 | In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4… |
| CVE-2023-41969 | High | 7.3 | 2024-03-26 | An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modi… |
| CVE-2024-23464 | High | 7.2 | 2024-08-06 | In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2… |
| CVE-2024-23459 | High | 7.1 | 2024-05-02 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten. This… |
| CVE-2023-28796 | High | 7.1 | 2023-10-23 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Co… |
| CVE-2024-23483 | High | 7.0 | 2024-08-06 | An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on Mac… |
| CVE-2024-23482 | High | 7.0 | 2024-03-26 | The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and lat… |