CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22891
https://notcve.org/view.php?id=CVE-2023-22891
08 Mar 2023 — There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts. • https://smartbear.com/security/cve • CWE-863: Incorrect Authorization •
CVSS: 10.0EPSS: 3%CPEs: 1EXPL: 0CVE-2023-22889
https://notcve.org/view.php?id=CVE-2023-22889
08 Mar 2023 — SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users. • https://smartbear.com/security/cve • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22890
https://notcve.org/view.php?id=CVE-2023-22890
08 Mar 2023 — SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition. • https://smartbear.com/security/cve • CWE-434: Unrestricted Upload of File with Dangerous Type •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2023-22892
https://notcve.org/view.php?id=CVE-2023-22892
08 Mar 2023 — There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances. • https://smartbear.com/security/cve • CWE-668: Exposure of Resource to Wrong Sphere •