Vulnerabilities > Smartbear > High

DATE CVE VULNERABILITY TITLE RISK
2024-11-22 CVE-2024-7565 Unspecified vulnerability in Smartbear Soapui .5.7.0
SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability.
local
low complexity
smartbear
7.8
2023-03-08 CVE-2023-22890 Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
network
low complexity
smartbear CWE-434
7.5
2023-03-08 CVE-2023-22891 Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
network
low complexity
smartbear CWE-863
8.1
2023-03-08 CVE-2023-22892 Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
network
low complexity
smartbear CWE-668
7.5
2021-03-11 CVE-2021-21363 Unspecified vulnerability in Smartbear Swagger-Codegen
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition.
local
high complexity
smartbear
7.0
2021-01-11 CVE-2020-26118 Deserialization of Untrusted Data vulnerability in Smartbear Collaborator
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability.
network
low complexity
smartbear CWE-502
8.8
2020-02-05 CVE-2019-12180 Unspecified vulnerability in Smartbear Readyapi and Soapui
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5.
local
low complexity
smartbear
7.8
2019-05-03 CVE-2018-20580 Improper Input Validation vulnerability in Smartbear Readyapi 2.5.0/2.6.0
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
network
low complexity
smartbear CWE-20
8.8
2018-02-19 CVE-2017-16670 Code Injection vulnerability in Smartbear Soapui 5.3.0
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
local
low complexity
smartbear CWE-94
7.8