CPE Details
Zscaler Client Connector 3.6 for MacOS
3.6
2023-11-03
18h13 +00:00
18h13 +00:00
2023-11-03
18h13 +00:00
18h13 +00:00
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
CPE Name: cpe:2.3:a:zscaler:client_connector:3.6:*:*:*:*:macos:*:*
Informations
Vendor
zscalerProduct
client_connectorVersion
3.6Target Software
macosRelated CVE
| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| An Improper Input Validation vulnerability in Zscaler Client Connector on MacOS allows OS Command Injection. This issue affects Zscaler Client Connector on MacOS <4.2. | 9.8 |
Critical |
||
| The Zscaler Updater process does not validate the digital signature of the installer before execution, allowing arbitrary code to be locally executed. This affects Zscaler Client Connector on MacOS <4.2. | 7.8 |
High |
||
| DHCP can add routes to a client’s routing table via the classless static route option (121). VPN-based security solutions that rely on routes to redirect traffic can be forced to leak traffic over the physical interface. An attacker on the same local network can read, disrupt, or possibly modify network traffic that was expected to be protected by the VPN. | 7.6 |
High |
||
| Zscaler Client Connector for macOS prior to 3.7 had an unquoted search path vulnerability via the PATH variable. A local adversary may be able to execute code with root privileges. | 7.8 |
High |
||
| When using local accounts for administration, the redirect url parameter was not encoded correctly, allowing for an XSS attack providing admin login. | 8.1 |
High |
||
| A URL parameter during login flow was vulnerable to injection. An attacker could insert a malicious domain in this parameter, which would redirect the user after auth and send the authorization token to the redirected domain. | 8.2 |
High |
2025©
tesweb SA
