CVE Description
CVE
SmartBear Zephyr Enterprise through 7.15.0 mishandles user-defined input during report generation. This could lead to remote code execution by unauthenticated users.
CVE-2023-22889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22889
SmartBear Zephyr Enterprise through 7.15.0 allows unauthenticated users to upload large files, which could exhaust the local drive space, causing a denial of service condition.
CVE-2023-22890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22890
There exists a privilege escalation vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by authorized users to reset passwords for other accounts.
CVE-2023-22891
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22891
There exists an information disclosure vulnerability in SmartBear Zephyr Enterprise through 7.15.0 that could be exploited by unauthenticated users to read arbitrary files from Zephyr instances.
CVE-2023-22892
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22892