Zscaler: >> Client Connector >> 4.2.0.190 Security Vulnerabilities
In certain cases, Zscaler Internet Access (ZIA) can be disabled by PowerShell commands with admin rights. This affects Zscaler Client Connector on Windows <4.2.1
CVSS Score
7.2
EPSS Score
0.001
Published
2024-08-06
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-03-26
In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-03-26
ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later.
CVSS Score
7.3
EPSS Score
0.001
Published
2024-03-26