Vulnerabilities > Smartbear

DATE CVE VULNERABILITY TITLE RISK
2024-01-15 CVE-2024-22207 Insecure Default Initialization of Resource vulnerability in Smartbear Swagger UI 2.0.0/2.0.1
fastify-swagger-ui is a Fastify plugin for serving Swagger UI.
network
low complexity
smartbear CWE-1188
5.3
2023-03-08 CVE-2023-22889 Code Injection vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation.
network
low complexity
smartbear CWE-94
critical
9.8
2023-03-08 CVE-2023-22890 Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
network
low complexity
smartbear CWE-434
7.5
2023-03-08 CVE-2023-22891 Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
network
low complexity
smartbear CWE-863
8.1
2023-03-08 CVE-2023-22892 Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
network
low complexity
smartbear CWE-668
7.5
2022-03-11 CVE-2018-25031 Improper Input Validation vulnerability in Smartbear Swagger UI
Swagger UI before 4.1.3 could allow a remote attacker to conduct spoofing attacks.
network
smartbear CWE-20
4.3
2022-03-11 CVE-2021-46708 Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Swagger UI
The swagger-ui-dist package before 4.1.3 for Node.js could allow a remote attacker to hijack the clicking action of the victim.
4.3
2022-03-10 CVE-2021-41657 Improper Restriction of Rendered UI Layers or Frames vulnerability in Smartbear Collaborator 6.1.6102
SmartBear CodeCollaborator v6.1.6102 was discovered to contain a vulnerability in the web UI which would allow an attacker to conduct a clickjacking attack.
network
low complexity
smartbear CWE-1021
6.1
2021-03-11 CVE-2021-21364 Incorrect Permission Assignment for Critical Resource vulnerability in Smartbear Swagger-Codegen
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
local
low complexity
smartbear CWE-732
5.5
2021-03-11 CVE-2021-21363 Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Smartbear Swagger-Codegen
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
4.4