Zscaler Client Connector
36 CVEs affecting Zscaler Client Connector. Latest disclosed: 2025-06-04. Critical: 0, High: 20.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2024-23463 | High | 8.8 | 2024-04-30 | Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zsca… |
| CVE-2023-28804 | High | 8.2 | 2023-10-23 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Clien… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2023-28800 | High | 8.1 | 2023-06-22 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. |
| CVE-2024-23456 | High | 7.8 | 2024-08-06 | Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enab… |
| CVE-2024-23457 | High | 7.8 | 2024-05-01 | The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects… |
| CVE-2023-28795 | High | 7.8 | 2023-10-23 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Conn… |
| CVE-2023-28793 | High | 7.8 | 2023-10-23 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connect… |
| CVE-2021-26738 | High | 7.8 | 2023-10-23 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code… |
| CVE-2024-23480 | High | 7.5 | 2024-05-01 | A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. |
| CVE-2024-31127 | High | 7.3 | 2025-06-04 | An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. |
| CVE-2024-23458 | High | 7.3 | 2024-08-06 | While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privile… |
| CVE-2023-41973 | High | 7.3 | 2024-03-26 | ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the… |
| CVE-2023-41972 | High | 7.3 | 2024-03-26 | In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4… |
| CVE-2023-41969 | High | 7.3 | 2024-03-26 | An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modi… |
| CVE-2024-23464 | High | 7.2 | 2024-08-06 | In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2… |
| CVE-2024-23459 | High | 7.1 | 2024-05-02 | An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten. This… |
| CVE-2023-28796 | High | 7.1 | 2023-10-23 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Co… |
| CVE-2024-23483 | High | 7.0 | 2024-08-06 | An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on Mac… |
| CVE-2024-23482 | High | 7.0 | 2024-03-26 | The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and lat… |