CVEInsight.

Free vulnerability intelligence for developers, security teams, and researchers. Data sourced from public databases for informational purposes only.

Explore

Legal

CVE data sourced from NVD / NIST & public disclosures.

smartbear

zephyr_enterprise

4 known vulnerabilities · sorted by CVSS score

CVE-2023-22889

CRITICAL9.8

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.

smartbear / zephyr_enterprise

Network

Published Mar 8, 2023

CVE-2023-22891

HIGH8.1

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.

smartbear / zephyr_enterprise

Network

Published Mar 8, 2023

CVE-2023-22890

HIGH7.5

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.

smartbear / zephyr_enterprise

Network

Published Mar 8, 2023

CVE-2023-22892

HIGH7.5

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.

smartbear / zephyr_enterprise

Network

Published Mar 8, 2023