Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Client_connector
(Zscaler)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-22 | CVE-2023-28799 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | Client_connector | 6.1 | ||
| 2023-06-22 | CVE-2023-28800 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | Client_connector | 6.1 | ||
| 2023-10-23 | CVE-2023-28793 | Buffer overflow vulnerability in the signelf library used by Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2023-28796 | Improper Verification of Cryptographic Signature vulnerability in Zscaler Client Connector on Linux allows Code Injection. This issue affects Zscaler Client Connector for Linux: before 1.3.1.6. | Client_connector | 7.8 | ||
| 2023-10-23 | CVE-2023-28805 | An Improper Input Validation vulnerability in Zscaler Client Connector on Linux allows Privilege Escalation. This issue affects Client Connector: before 1.4.0.105 | Client_connector | 9.8 | ||
| 2024-08-06 | CVE-2023-28806 | An Improper Validation of signature in Zscaler Client Connector on Windows allows an authenticated user to disable anti-tampering. This issue affects Client Connector on Windows <4.2.0.190. | Client_connector | 6.5 |