Vulnerabilities > Smartbear > Zephyr Enterprise

DATE CVE VULNERABILITY TITLE RISK
2023-03-08 CVE-2023-22889 Code Injection vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation.
network
low complexity
smartbear CWE-94
critical
9.8
2023-03-08 CVE-2023-22890 Unrestricted Upload of File with Dangerous Type vulnerability in Smartbear Zephyr Enterprise
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
network
low complexity
smartbear CWE-434
7.5
2023-03-08 CVE-2023-22891 Incorrect Authorization vulnerability in Smartbear Zephyr Enterprise
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
network
low complexity
smartbear CWE-863
8.1
2023-03-08 CVE-2023-22892 Exposure of Resource to Wrong Sphere vulnerability in Smartbear Zephyr Enterprise
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
network
low complexity
smartbear CWE-668
7.5