Vulnerabilities > CVE-2023-22891 - Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise

CVSS 8.1 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

smartbear

CWE-863

NVD

Published: 2023-03-08

Updated: 2023-03-16

Summary

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.

Vulnerable Configurations

Part	Description	Count
Application	Smartbear Smartbear Zephyr Enterprise - Smartbear Zephyr Enterprise 6.6 Smartbear Zephyr Enterprise 6.6.1 Smartbear Zephyr Enterprise 6.6.2 Smartbear Zephyr Enterprise 6.6.3 Smartbear Zephyr Enterprise 6.6.4 Smartbear Zephyr Enterprise 6.6.5 Smartbear Zephyr Enterprise 6.6.6 Smartbear Zephyr Enterprise 6.7 Smartbear Zephyr Enterprise 6.7.1 Smartbear Zephyr Enterprise 6.7.2 Smartbear Zephyr Enterprise 6.7.3 Smartbear Zephyr Enterprise 6.8 Smartbear Zephyr Enterprise 6.8.1 Smartbear Zephyr Enterprise 6.8.2 Smartbear Zephyr Enterprise 6.8.3 Smartbear Zephyr Enterprise 6.8.4 Smartbear Zephyr Enterprise 6.9 Smartbear Zephyr Enterprise 6.9.1 Smartbear Zephyr Enterprise 6.9.2 Smartbear Zephyr Enterprise 7.0 Smartbear Zephyr Enterprise 7.1.1 Smartbear Zephyr Enterprise 7.2 Smartbear Zephyr Enterprise 7.3 Smartbear Zephyr Enterprise 7.4.1 Smartbear Zephyr Enterprise 7.5 Smartbear Zephyr Enterprise 7.6 Smartbear Zephyr Enterprise 7.7 Smartbear Zephyr Enterprise 7.8 Smartbear Zephyr Enterprise 7.9 Smartbear Zephyr Enterprise 7.10 Smartbear Zephyr Enterprise 7.11 Smartbear Zephyr Enterprise 7.12 Smartbear Zephyr Enterprise 7.13 Smartbear Zephyr Enterprise 7.14 Smartbear Zephyr Enterprise 7.14.1 Smartbear Zephyr Enterprise 7.15	37

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://smartbear.com/security/cve/