Zscaler Client_connector
41 CVEs affecting Zscaler Client_connector. Latest disclosed: 2026-03-31. Critical: 1, High: 23.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2020-11633 | Critical | 9.8 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would p… |
| CVE-2024-23463 | High | 8.8 | 2024-04-30 | Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zsca… |
| CVE-2023-28804 | High | 8.2 | 2023-10-23 | An Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows replacing binaries. This issue affects Linux Clien… |
| CVE-2023-28799 | High | 8.2 | 2023-06-22 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user aft… |
| CVE-2023-28800 | High | 8.1 | 2023-06-22 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. |
| CVE-2024-23456 | High | 7.8 | 2024-08-06 | Anti-tampering can be disabled under certain conditions without signature validation. This affects Zscaler Client Connector <4.2.0.190 with anti-tampering enab… |
| CVE-2024-23457 | High | 7.8 | 2024-05-01 | The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects… |
| CVE-2023-28795 | High | 7.8 | 2023-10-23 | Origin Validation Error vulnerability in Zscaler Client Connector on Linux allows Inclusion of Code in Existing Process. This issue affects Zscaler Client Conn… |
| CVE-2023-28793 | High | 7.8 | 2023-10-23 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connect… |
| CVE-2021-26738 | High | 7.8 | 2023-10-23 | Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code… |
| CVE-2020-11634 | High | 7.8 | 2021-07-15 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may… |
| CVE-2020-11632 | High | 7.8 | 2021-07-15 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileg… |
| CVE-2020-11635 | High | 7.8 | 2021-02-16 | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or… |
| CVE-2024-3661 | High | 7.6 | 2024-05-06 | DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traff… |
| CVE-2024-23480 | High | 7.5 | 2024-05-01 | A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. |
| CVE-2024-23458 | High | 7.3 | 2024-08-06 | While copying individual autoupdater log files, reparse point check was missing which could result into crafted attacks, potentially leading to a local privile… |
| CVE-2023-41973 | High | 7.3 | 2024-03-26 | ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the… |
| CVE-2023-41972 | High | 7.3 | 2024-03-26 | In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4… |
| CVE-2023-41969 | High | 7.3 | 2024-03-26 | An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modi… |
| CVE-2024-23464 | High | 7.2 | 2024-08-06 | In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2… |