Vulnerabilities > Smartbear > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-08 | CVE-2023-22890 | Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. | 7.5 |
| 2023-03-08 | CVE-2023-22891 | Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | 8.1 |
| 2023-03-08 | CVE-2023-22892 | Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | 7.5 |
| 2021-03-11 | CVE-2021-21363 | Creation of Temporary File in Directory with Incorrect Permissions vulnerability in Smartbear Swagger-Codegen swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | 7.0 |
| 2021-01-11 | CVE-2020-26118 | Deserialization of Untrusted Data vulnerability in Smartbear Collaborator In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. | 8.8 |
| 2020-02-05 | CVE-2019-12180 | Unspecified vulnerability in Smartbear Readyapi and Soapui An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. | 7.8 |
| 2019-05-03 | CVE-2018-20580 | Improper Input Validation vulnerability in Smartbear Readyapi 2.5.0/2.6.0 The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | 8.8 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | 7.8 |