Skip to main content

Zephyr Enterprise

4 CVEs product

Monthly

CVE-2023-22892 HIGH This Week

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22891 HIGH This Week

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Zephyr Enterprise
NVD
CVSS 3.1
8.1
EPSS
0.5%
CVE-2023-22890 HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
CVSS 3.1
7.5
EPSS
0.6%
CVE-2023-22889 CRITICAL Act Now

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Zephyr Enterprise
NVD
CVSS 3.1
9.8
EPSS
1.3%
EPSS 1% CVSS 7.5
HIGH This Week

There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Zephyr Enterprise
NVD
EPSS 1% CVSS 8.1
HIGH This Week

There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Privilege Escalation Authentication Bypass Zephyr Enterprise
NVD
EPSS 1% CVSS 7.5
HIGH This Week

SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

File Upload Denial Of Service Zephyr Enterprise
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE Code Injection Zephyr Enterprise
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy