CVE-2023-22890

7.5 HIGH

📋 TL;DR

SmartBear Zephyr Enterprise versions through 7.15.0 accept large file uploads from users who have not authenticated. Because nothing ties the upload to a session, an attacker can repeat it until the server's local storage is exhausted, producing a denial of service. All Zephyr Enterprise deployments up to and including version 7.15.0 are affected.

💻 Affected Systems

Products:
  • SmartBear Zephyr Enterprise
Versions: Through 7.15.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: All default installations are vulnerable; no special configuration is required for exploitation.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system unavailability due to disk exhaustion: legitimate users cannot reach the application, and any other service sharing the same host or volume (database, logging, backups) can fail alongside it.

🟠 Likely Case

Service degradation or temporary outages as storage fills, requiring manual removal of the uploaded files and a service restart.

🟢 If Mitigated

Minimal impact once uploads require authentication, request body size is capped, and disk usage is monitored.

🌐 Internet-Facing: HIGH - Unauthenticated exploitation allows any internet user to trigger the vulnerability.
🏢 Internal Only: MEDIUM - Internal attackers can still exploit it, but they need network reachability to the Zephyr server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Simple HTTP file upload requests, sent without credentials and either very large or simply repeated, are enough to trigger the vulnerability.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 7.16.0 or later

Vendor Advisory: https://smartbear.com/security/cve/

Restart Required: Yes

Instructions:

1. Download Zephyr Enterprise 7.16.0 or later from the SmartBear support portal.
2. Back up the current installation.
3. Run the installer/upgrade following the vendor documentation.
4. Restart the Zephyr services.

🔧 Temporary Workarounds

Implement file upload restrictions (all platforms)

Configure the web server or application firewall in front of Zephyr to pass upload requests only from authenticated sessions and to cap the request body size, so that an anonymous client cannot store anything on the server.

Implement disk quota monitoring (all platforms)

Set up monitoring and alerts for disk usage on the Zephyr server. Keeping the upload/storage directory on its own volume or quota limits the blast radius: a full upload store then degrades Zephyr without taking down everything else on the host.

🧯 If You Can't Patch

  • Implement network segmentation to restrict access to Zephyr Enterprise from untrusted networks
  • Deploy a WAF in front of Zephyr with a request body size limit and rate limiting on upload endpoints

🔍 How to Verify

Check if Vulnerable:

Check the Zephyr Enterprise version in the admin console or configuration files; if the version is 7.15.0 or earlier, the system is vulnerable.

Check Version:

Check admin console or configuration files for version information

Verify Fix Applied:

Confirm that the version shown in the admin console is 7.16.0 or later, then confirm that an upload request sent without a valid session is rejected (for example with 401 or 403) rather than stored. Do not rely on a 413 alone: that only proves a body-size cap is in place, not that the authentication check has been fixed.
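An added example of the second check (this is not SmartBear code and the advisory does not name the upload endpoint): send a small multipart upload with no session cookie and classify the response. The endpoint path `/upload`, the form field name `file`, the probe size, and the status codes treated as "rejected" are all assumptions to adjust for your deployment. Redirects are deliberately not followed, because urllib would otherwise transparently follow a login redirect and report the login page's 200 as an accepted upload. Run it only against systems you are authorised to test.

```python
"""Probe whether an upload endpoint stores a request that carries no session.

Added example for this advisory page, not SmartBear tooling. Assumptions (not
taken from the advisory): UPLOAD_PATH, the form field name "file", PROBE_SIZE,
and the status codes mapped to verdicts in classify().
"""
import os
import sys
import urllib.error
import urllib.request

UPLOAD_PATH = "/upload"  # assumed placeholder; the real endpoint is not named on the page
PROBE_SIZE = 4096        # a few KiB proves acceptance without filling anyone's disk


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx as HTTPError instead of following it (a login redirect must not look like success)."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def build_multipart(field: str, filename: str, payload: bytes, boundary: str) -> bytes:
    """Build a minimal multipart/form-data body with one file part."""
    head = (
        f"--{boundary}\r\n"
        f'Content-Disposition: form-data; name="{field}"; filename="{filename}"\r\n'
        "Content-Type: application/octet-stream\r\n\r\n"
    ).encode()
    tail = f"\r\n--{boundary}--\r\n".encode()
    return head + payload + tail


def classify(status: int) -> str:
    """Map the HTTP status of an unauthenticated upload attempt to a verdict."""
    if 200 <= status < 300:
        return "VULNERABLE: upload accepted without authentication"
    if status in (401, 403):
        return "OK: upload rejected, authentication required"
    if 300 <= status < 400:
        return "OK: request redirected instead of stored (inspect the Location header)"
    if status == 413:
        return "INCONCLUSIVE: body-size cap hit before any authentication check"
    return f"INCONCLUSIVE: unexpected status {status}"


def probe(base_url: str, path: str = UPLOAD_PATH) -> int:
    """POST a small anonymous multipart upload and return the raw HTTP status."""
    boundary = "----cve-2023-22890-probe"
    body = build_multipart("file", "probe.bin", os.urandom(PROBE_SIZE), boundary)
    req = urllib.request.Request(
        base_url.rstrip("/") + path,
        data=body,
        method="POST",
        headers={"Content-Type": f"multipart/form-data; boundary={boundary}"},
    )
    opener = urllib.request.build_opener(_NoRedirect())
    try:
        with opener.open(req, timeout=15) as resp:
            return resp.status
    except urllib.error.HTTPError as err:  # 3xx/4xx/5xx arrive here
        return err.code


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "https://zephyr.example.invalid"
    code = probe(target)
    print(code, classify(code))
```

Usage: `python3 probe.py https://zephyr.example.invalid`. A 2xx means the fix is not in place; a 401/403 (or a redirect to login) is the expected post-7.16.0 behaviour.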

📡 Detection & Monitoring

Log Indicators:

  • Large file uploads accepted (2xx) for requests with no authenticated user or session
  • Rapid disk space consumption on the volume holding Zephyr's upload/storage directory
  • HTTP 413 responses on upload endpoints, which show oversized uploads being attempted and refused once a body-size cap is in place

Network Indicators:

  • Repeated large POST requests to upload endpoints from a source that never authenticated

SIEM Query:

source="zephyr.log" AND ("upload" OR "POST") AND bytes>104857600 AND user="anonymous"

(Pseudo-query: the `bytes` and `user` field names and the 100 MB threshold, 104857600 bytes, are placeholders to map onto your own log schema. The request size must come from a field that records the request body, such as a reverse proxy's request length, not the response size.)
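As an added example (not part of this advisory and not SmartBear tooling), the detection logic described above run over a constructed proxy-style access log, together with the disk-usage check that the quota workaround calls for. The log format, the `/upload` path pattern, and the thresholds are assumptions; the sample lines are constructed for illustration and the last field is taken to be the request body size as a reverse proxy such as nginx logs it.

```python
"""Flag large unauthenticated uploads in access logs and check disk usage.

Added example for this advisory page, not Zephyr's own tooling. The log layout,
upload path pattern and thresholds are assumptions to adapt to a real deployment.
"""
import re
import shutil
from collections import defaultdict

MB = 1024 * 1024

# Constructed sample. Fields: client IP, authenticated user ("-" = no session),
# timestamp, request line, status, request body bytes (as nginx $request_length).
SAMPLE_LOG = """\
203.0.113.7 - [10/Jan/2024:10:00:01 +0000] "POST /upload HTTP/1.1" 200 157286400
203.0.113.7 - [10/Jan/2024:10:00:09 +0000] "POST /upload HTTP/1.1" 200 157286400
203.0.113.7 - [10/Jan/2024:10:00:17 +0000] "POST /upload HTTP/1.1" 200 157286400
198.51.100.4 alice [10/Jan/2024:10:01:00 +0000] "POST /upload HTTP/1.1" 200 2097152
192.0.2.9 - [10/Jan/2024:10:02:00 +0000] "GET /login HTTP/1.1" 200 512
192.0.2.9 - [10/Jan/2024:10:02:05 +0000] "POST /upload HTTP/1.1" 413 0
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) (?P<bytes>\d+)$'
)
UPLOAD_PATH_RE = re.compile(r"/upload", re.IGNORECASE)  # assumed endpoint pattern


def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["bytes"] = int(rec["bytes"])
    return rec


def anonymous_uploads(lines, min_bytes=100 * MB):
    """Accepted (2xx) POSTs to an upload path with no authenticated user and a large body."""
    hits = []
    for rec in map(parse_line, lines):
        if rec is None:
            continue
        if (rec["method"] == "POST" and UPLOAD_PATH_RE.search(rec["path"])
                and rec["user"] == "-" and 200 <= rec["status"] < 300
                and rec["bytes"] >= min_bytes):
            hits.append(rec)
    return hits


def bytes_by_source(hits):
    """Total accepted anonymous upload bytes per client IP."""
    totals = defaultdict(int)
    for rec in hits:
        totals[rec["ip"]] += rec["bytes"]
    return dict(totals)


def sources_over(totals, limit_bytes):
    """IPs whose anonymous upload volume crossed the alert threshold."""
    return sorted(ip for ip, total in totals.items() if total >= limit_bytes)


def rejected_uploads(lines):
    """413s on upload paths: oversized uploads refused by a body-size cap."""
    return sum(1 for rec in map(parse_line, lines)
               if rec and rec["status"] == 413 and UPLOAD_PATH_RE.search(rec["path"]))


def disk_used_percent(path):
    """Percentage of the volume holding `path` that is in use."""
    usage = shutil.disk_usage(path)
    return 100.0 * usage.used / usage.total


def disk_alert(path, threshold_percent=85.0):
    """True when the volume is fuller than the alert threshold."""
    return disk_used_percent(path) >= threshold_percent


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    hits = anonymous_uploads(lines)
    totals = bytes_by_source(hits)
    for ip in sources_over(totals, 400 * MB):
        print(f"ALERT {ip}: {totals[ip] // MB} MB accepted without a session")
    print(f"rejected oversized uploads: {rejected_uploads(lines)}")
    print(f"disk used on /: {disk_used_percent('/'):.1f}% (alert={disk_alert('/')})")
```

On the sample, the three 150 MB anonymous uploads from 203.0.113.7 add up to 450 MB and trip the 400 MB per-source alert, alice's authenticated upload is ignored, and the 413 from 192.0.2.9 is counted separately as an attempt that a body-size cap stopped. Point `disk_used_percent` at the volume that holds Zephyr's upload directory rather than `/`.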

🔗 References
