Zephyr Enterprise
by Smartbear
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-22889 | Cri | 0.64 | 9.8 | 0.01 | Mar 8, 2023 | SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. | ||
| CVE-2023-22891 | Hig | 0.53 | 8.1 | 0.01 | Mar 8, 2023 | There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. | ||
| CVE-2023-22892 | Hig | 0.49 | 7.5 | 0.01 | Mar 8, 2023 | There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. | ||
| CVE-2023-22890 | Hig | 0.49 | 7.5 | 0.01 | Mar 8, 2023 | SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. |
- risk 0.64cvss 9.8epss 0.01
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.
- risk 0.53cvss 8.1epss 0.01
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
- risk 0.49cvss 7.5epss 0.01
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
- risk 0.49cvss 7.5epss 0.01
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.