Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Client_connector
(Zscaler)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 26 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2023-06-22 | CVE-2023-28799 | A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | Client_connector | 6.1 | ||
| 2023-06-22 | CVE-2023-28800 | When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | Client_connector | 6.1 | ||
| 2021-07-15 | CVE-2020-11633 | The Zscaler Client Connector for Windows prior to 2.1.2.74 had a stack based buffer overflow when connecting to misconfigured TLS servers. An adversary would potentially have been able to execute arbitrary code with system privileges. | Client_connector | 9.8 | ||
| 2021-07-15 | CVE-2020-11632 | The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges. | Client_connector | 7.8 | ||
| 2021-07-15 | CVE-2020-11634 | The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused due to the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context. | Client_connector | 7.8 | ||
| 2021-02-16 | CVE-2020-11635 | The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges. | Client_connector | 7.8 |