Filtered by vendor Zscaler
Subscriptions
Total
48 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2024-23463 | 1 Zscaler | 1 Client Connector | 2026-03-02 | 8.8 High |
| Anti-tampering protection of the Zscaler Client Connector can be bypassed under certain conditions when running the Repair App functionality. This affects Zscaler Client Connector on Windows prior to 4.2.1 | ||||
| CVE-2024-23457 | 1 Zscaler | 1 Client Connector | 2026-03-02 | 7.8 High |
| The anti-tampering functionality of the Zscaler Client Connector can be disabled under certain conditions when an uninstall password is enforced. This affects Zscaler Client Connector on Windows prior to 4.2.0.209 | ||||
| CVE-2023-41971 | 1 Zscaler | 1 Client Connector | 2026-03-02 | 5.3 Medium |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Windows allows a system file to be overwritten.This issue affects Client Connector on Windows: before 3.7. | ||||
| CVE-2025-54982 | 1 Zscaler | 1 Authentication Server | 2026-02-26 | 9.6 Critical |
| An improper verification of cryptographic signature in Zscaler's SAML authentication mechanism on the server-side allowed an authentication abuse. | ||||
| CVE-2026-22567 | 1 Zscaler | 2 Zia Admin Ui, Zscaler Internet Access Admin Portal | 2026-02-26 | 7.6 High |
| Improper validation of user-supplied input in the ZIA Admin UI could allow an authenticated administrator to initiate backend functions through specific input fields in limited scenarios. | ||||
| CVE-2026-22568 | 1 Zscaler | 2 Zia Admin Ui, Zscaler Internet Access Admin Portal | 2026-02-26 | 5.5 Medium |
| Improper neutralization of special elements in user-supplied input within the ZIA Admin UI could allow an authenticated administrator to access or retrieve unauthorized internal information in rare conditions. | ||||
| CVE-2023-41970 | 1 Zscaler | 1 Client Connector | 2026-02-19 | 6 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on Windows during the Repair App functionality may allow Local Execution of Code.This issue affects Client Connector on Windows: before 4.1.0.62. | ||||
| CVE-2024-23480 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 7.5 High |
| A fallback mechanism in code sign checking on macOS may allow arbitrary code execution. This issue affects Zscaler Client Connector on MacOS prior to 4.2. | ||||
| CVE-2024-23462 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 3.3 Low |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS allows a denial of service of the Client Connector binary and thus removing client functionality.This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2024-23459 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 7.1 High |
| An Improper Link Resolution Before File Access ('Link Following') vulnerability in Zscaler Client Connector on Mac allows a system file to be overwritten.This issue affects Zscaler Client Connector on Mac : before 3.7. | ||||
| CVE-2023-28798 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 6.5 Medium |
| An out-of-bounds write to heap in the pacparser library on Zscaler Client Connector on Mac may lead to arbitrary code execution. | ||||
| CVE-2024-23461 | 1 Zscaler | 1 Client Connector | 2026-02-17 | 4.2 Medium |
| An Improper Validation of Integrity Check Value vulnerability in Zscaler Client Connector on MacOS during the upgrade process may allow a Local Execution of Code.This issue affects Client Connector on MacOS: before 3.4. | ||||
| CVE-2023-28802 | 1 Zscaler | 1 Client Connector | 2026-01-06 | 4.9 Medium |
| An Improper Validation of Integrity Check Value in Zscaler Client Connector on Windows allows an authenticated user to disable ZIA/ZPA by interrupting the service restart from Zscaler Diagnostics. This issue affects Client Connector: before 4.2.0.149. | ||||
| CVE-2025-54983 | 2 Microsoft, Zscaler | 2 Windows, Client Connector | 2025-11-12 | 5.2 Medium |
| A health check port on Zscaler Client Connector on Windows, versions 4.6 < 4.6.0.216 and 4.7 < 4.7.0.47, which under specific circumstances was not released after use, allowed traffic to potentially bypass ZCC forwarding controls. | ||||
| CVE-2023-41969 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later. | ||||
| CVE-2023-41972 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| In some rare cases, there is a password type validation missing in Revert Password check and for some features it could be disabled. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2023-41973 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7.3 High |
| ZSATray passes the previousInstallerName as a config parameter to TrayManager, and TrayManager constructs the path and appends previousInstallerName to get the full path of the exe. Fixed Version: Win ZApp 4.3.0.121 and later. | ||||
| CVE-2024-23482 | 1 Zscaler | 1 Client Connector | 2025-10-10 | 7 High |
| The ZScaler service is susceptible to a local privilege escalation vulnerability found in the ZScalerService process. Fixed Version: Mac ZApp 4.2.0.241 and later. | ||||
| CVE-2024-31127 | 1 Zscaler | 1 Client Connector | 2025-07-13 | 7.3 High |
| An improper verification of a loaded library in Zscaler Client Connector on Mac < 4.2.0.241 may allow a local attacker to elevate their privileges. | ||||
| CVE-2023-28807 | 1 Zscaler | 1 Secure Internet And Saas Access | 2025-06-17 | 5.1 Medium |
| In Zscaler Internet Access (ZIA) a mismatch between Connect Host and Client Hello's Server Name Indication (SNI) enables attackers to evade network security controls by hiding their communications within legitimate traffic. | ||||