Zscaler Client_connector

41 CVEs affecting Zscaler Client_connector. Latest disclosed: 2026-03-31. Critical: 1, High: 23.

Top CVEs affecting Zscaler Client_connector
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2020-11633 | Critical | 9.8 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would p… |
| CVE-2024-23463 | High | 8.8 | 2024-04-30 | Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zsca… |
| CVE-2023-28804 | High | 8.2 | 2023-10-23 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Clien… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2023-28800 | High | 8.1 | 2023-06-22 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. |
| CVE-2024-23456 | High | 7.8 | 2024-08-06 | Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enab… |
| CVE-2024-23457 | High | 7.8 | 2024-05-01 | The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects… |
| CVE-2023-28795 | High | 7.8 | 2023-10-23 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Conn… |
| CVE-2023-28793 | High | 7.8 | 2023-10-23 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connect… |
| CVE-2021-26738 | High | 7.8 | 2023-10-23 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code… |
| CVE-2020-11634 | High | 7.8 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may… |
| CVE-2020-11632 | High | 7.8 | 2021-07-15 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileg… |
| CVE-2020-11635 | High | 7.8 | 2021-02-16 | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or… |
| CVE-2024-3661 | High | 7.6 | 2024-05-06 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traff… |
| CVE-2024-23480 | High | 7.5 | 2024-05-01 | A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. |
| CVE-2024-23458 | High | 7.3 | 2024-08-06 | While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privile… |
| CVE-2023-41973 | High | 7.3 | 2024-03-26 | ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the… |
| CVE-2023-41972 | High | 7.3 | 2024-03-26 | In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4… |
| CVE-2023-41969 | High | 7.3 | 2024-03-26 | An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modi… |
| CVE-2024-23464 | High | 7.2 | 2024-08-06 | In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2… |