7.3
CVE-2023-41969
- EPSS 0.31%
- Veröffentlicht 26.03.2024 15:15:48
- Zuletzt bearbeitet 10.10.2025 15:04:59
- Quelle cve@zscaler.com
- CVE-Watchlists
- Unerledigt
ZSATrayManager Arbitrary File Deletion
An arbitrary file deletion in ZSATrayManager where it protects the temporary encrypted ZApp issue reporting file from the unprivileged end user access and modification. Fixed version: Win ZApp 4.3.0 and later.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zscaler ≫ Client Connector SwPlatformwindows Version < 4.3
VulnDex Vulnerability Enrichment
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.221 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.1 | 1.8 | 5.2 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
|
| cve@zscaler.com | 7.3 | 1.8 | 5.5 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:L
|
CWE-61 UNIX Symbolic Link (Symlink) Following
The product, when opening a file or directory, does not sufficiently account for when the file is a symbolic link that resolves to a target outside of the intended control sphere. This could allow an attacker to cause the product to operate on unauthorized files.
https://help.zscaler.com/client-connector/client-connector-app-release-summary-2023