Vulnerabilities > Smartbear
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-15 | CVE-2024-22207 | Insecure Default Initialization of Resource vulnerability in Smartbear Swagger UI 2.0.0/2.0.1: fastify-swagger-ui is a Fastify plugin for serving Swagger UI. | 5.3 |
2023-03-08 | CVE-2023-22889 | Code Injection vulnerability in Smartbear Zephyr Enterprise: SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. | 9.8 |
2023-03-08 | CVE-2023-22890 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise: SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. | 7.5 |
2023-03-08 | CVE-2023-22891 | Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise: There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | 8.1 |
2023-03-08 | CVE-2023-22892 | Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise: There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | 7.5 |
2022-03-11 | CVE-2018-25031 | Improper Input Validation vulnerability in Smartbear Swagger UI: Swagger UI 4.1.2 and earlier could allow a remote attacker to conduct spoofing attacks. | 4.3 |
2022-03-11 | CVE-2021-46708 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Swagger UI: The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim. | 4.3 |
2022-03-10 | CVE-2021-41657 | Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Collaborator 6.1.6102: SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack. | 6.1 |
2021-03-11 | CVE-2021-21364 | Incorrect Permission Assignment for Critical Resource vulnerability in Smartbear Swagger-Codegen: swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | 5.5 |
2021-03-11 | CVE-2021-21363 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Smartbear Swagger-Codegen: swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | 4.4 |