Zscaler Product Security Update Advisory

Overview


An update has been released to address vulnerabilities in a Zscaler product. Users of affected versions are advised to update to the latest version.


Affected Products


Zscaler Client Connector for Windows, version 4.2.1 and earlier


Resolved Vulnerabilities


Arbitrary file deletion vulnerability in ZSATrayManager for Windows (CVE-2023-41972)

Missing password type validation in Zscaler Client Connector for Windows, which allows the client's functionality to be disabled (CVE-2023-41973)

Vulnerability in ZSATray for Windows: ZSATray passes PreviousInstallerName to TrayManager as a configuration parameter, and TrayManager builds the full path of the executable by appending PreviousInstallerName to a directory it configures, so a value controlled outside TrayManager determines which executable path the privileged component uses (CVE-2023-41969)
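The following is an added illustration of the bug class described in the CVE-2023-41969 entry, not Zscaler's code and not a description of how that CVE was exploited: a privileged component appends a name taken from configuration to a fixed directory and treats the result as the executable to run. The directory, the function names and the sample installer names are hypothetical; the hardened variant shows the checks a reviewer would expect (single path component, containment in the trusted directory, valid Authenticode signature) before such a path is used.

```powershell
# Added example (not Zscaler's code). Hypothetical installer directory used by a
# privileged component; everything below is constructed for illustration.
$trustedDir = 'C:\Program Files\Vendor\Installers'

# Vulnerable pattern: whatever the configuration parameter contains is appended to
# the directory and the result is used as the executable path.
function Get-InstallerPathUnsafe {
    param([string]$PreviousInstallerName)
    return Join-Path $trustedDir $PreviousInstallerName
}

# Hardened pattern: accept only a bare .exe file name, confirm the resolved path is
# still inside the trusted directory, and require a valid Authenticode signature.
function Get-InstallerPathSafe {
    param([string]$PreviousInstallerName)

    # Reject anything that is not a single path component: separators, drive
    # letters, '.' / '..', or a non-.exe extension.
    if ([string]::IsNullOrWhiteSpace($PreviousInstallerName) -or
        $PreviousInstallerName -ne [System.IO.Path]::GetFileName($PreviousInstallerName) -or
        $PreviousInstallerName -in @('.', '..') -or
        [System.IO.Path]::GetExtension($PreviousInstallerName) -ne '.exe') {
        throw "Rejected installer name: '$PreviousInstallerName'"
    }

    # Canonicalise and check containment as a second, independent barrier.
    $full = [System.IO.Path]::GetFullPath((Join-Path $trustedDir $PreviousInstallerName))
    $base = [System.IO.Path]::GetFullPath($trustedDir).TrimEnd('\') + '\'
    if (-not $full.StartsWith($base, [System.StringComparison]::OrdinalIgnoreCase)) {
        throw "Path escapes trusted directory: $full"
    }

    # The file must exist and carry a valid Authenticode signature. A production
    # check would additionally pin $sig.SignerCertificate to the vendor's certificate.
    if (-not (Test-Path -LiteralPath $full -PathType Leaf)) {
        throw "Installer not found: $full"
    }
    $sig = Get-AuthenticodeSignature -LiteralPath $full
    if ($sig.Status -ne 'Valid') {
        throw "Installer is not validly signed ($($sig.Status)): $full"
    }

    return $full
}

# Constructed inputs: a plausible name, a traversal attempt, and an absolute path.
foreach ($name in @('Setup-4.2.1.exe', '..\..\..\Users\Public\evil.exe', 'C:\Users\Public\evil.exe')) {
    Write-Output ("unsafe : {0}" -f (Get-InstallerPathUnsafe $name))
    try   { Write-Output ("safe   : {0}" -f (Get-InstallerPathSafe $name)) }
    catch { Write-Output ("safe   : {0}" -f $_.Exception.Message) }
}
```

Join-Path concatenates without normalising, so the unsafe function happily returns a path containing ".." segments or an embedded absolute path; the hardened function rejects both before any filesystem access, and even a well-formed name is only accepted once the file's signature has been verified. On a machine without the hypothetical directory, the safe branch reports "Installer not found" for the well-formed name, which is the intended behaviour.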


Vulnerability Patches


Vulnerability patches are available in the latest update. Follow the instructions on the Referenced Sites to update to a patched version (listed below).


Zscaler Client Connector Windows v4.3.0.190
Zscaler Client Connector Windows v4.4.0.276
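The following is an added check, not part of the advisory or Zscaler's tooling, for confirming on a Windows endpoint whether the installed Zscaler Client Connector is at or above the fixed builds listed above. It assumes the product registers under the standard Windows Uninstall registry keys with a DisplayName beginning "Zscaler" and a dotted DisplayVersion; it also assumes that any release branch newer than 4.4 is patched, which is an assumption, not a statement from the advisory.

```powershell
# Added example (not from the advisory). Fixed builds taken from the list above.
$fixedVersions = @([version]'4.3.0.190', [version]'4.4.0.276')

# Assumption: the product is registered under the standard Uninstall keys.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

function Test-ZccPatched {
    param([version]$Installed, [version[]]$Fixed)
    # A build is patched if it is at or above the fixed build of its own
    # major.minor branch. For branches without a listed fix, assume (assumption)
    # that anything newer than the newest fixed build is patched and anything
    # older is not.
    $branchFix = $Fixed | Where-Object { $_.Major -eq $Installed.Major -and $_.Minor -eq $Installed.Minor }
    if ($branchFix) { return ($Installed -ge $branchFix) }
    $newest = $Fixed | Sort-Object | Select-Object -Last 1
    return ($Installed -ge $newest)
}

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like 'Zscaler*' -and $_.DisplayVersion } |
    Select-Object DisplayName, DisplayVersion

if (-not $installed) {
    Write-Output 'Zscaler Client Connector not found in the Uninstall registry keys.'
} else {
    foreach ($app in $installed) {
        try {
            $v = [version]$app.DisplayVersion
        } catch {
            Write-Output ("{0}: unparseable DisplayVersion '{1}'" -f $app.DisplayName, $app.DisplayVersion)
            continue
        }
        $status = if (Test-ZccPatched -Installed $v -Fixed $fixedVersions) { 'patched' } else { 'UPDATE REQUIRED' }
        Write-Output ("{0} {1}: {2}" -f $app.DisplayName, $v, $status)
    }
}
```

With the affected build from the advisory (4.2.1 and earlier) the check reports UPDATE REQUIRED, as it does for any 4.3.x build below 4.3.0.190 or any 4.4.x build below 4.4.0.276. Run it as a local administrator (or push it through the endpoint management tool) so both the 64-bit and WOW6432Node Uninstall keys are readable.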


Referenced Sites


[1] CVE-2023-41969, CVE-2023-41972, CVE-2023-41973, CVE-2024-23482 – ZCC vulnerabilities

https://trust.zscaler.com/private.zscaler.com/posts/18226

[2] Catch me if you can – Local Privilege Escalation in Zscaler Client Connector

https://medium.com/csg-govtech/catch-me-if-you-can-local-privilege-escalation-in-zscaler-client-connector-7ad997bd7058