Vulnerabilities
Vulnerable Software
A URL parameter in the login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after authentication and send the authorization token to the domain the user was redirected to.
CVSS Score
8.2
EPSS Score
0.001
Published
2023-06-22
When using local accounts for administration, the redirect URL parameter was not encoded correctly, allowing an XSS attack that provides admin login.
CVSS Score
8.1
EPSS Score
0.002
Published
2023-06-22
The Zscaler Client Connector prior to 2.1.2.150 did not quote the search path for services, which allows a local adversary to execute code with system privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
The Zscaler Client Connector for Windows prior to 2.1.2.105 had a DLL hijacking vulnerability caused by the configuration of OpenSSL. A local adversary may be able to execute arbitrary code in the SYSTEM context.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-07-15
The Zscaler Client Connector prior to 3.1.0 did not sufficiently validate RPC clients, which allows a local adversary to execute code with system privileges or perform limited actions for which they did not have privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-02-16

