Lucene search

[email protected]CVE-2014-1202

HistoryJan 25, 2014 - 1:55 a.m.

CVE-2014-1202

2014-01-2501:55:05

CWE-94

[email protected]

web.nvd.nist.gov

soapui

security

vulnerability

remote code execution

wsdl

nvd

cve-2014-1202

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.4 High

AI Score

Confidence

Low

0.802 High

EPSS

Percentile

98.3%

JSON

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

Affected configurations

NVD

Node

eviwaresoapuiMatch2.5.1

eviwaresoapuiMatch3.0.1

eviwaresoapuiMatch3.5

eviwaresoapuiMatch3.5.1

eviwaresoapuiMatch3.6

eviwaresoapuiMatch3.6.1

smartbearsoapuiRange≤4.6.3

smartbearsoapuiMatch4.0

smartbearsoapuiMatch4.0beta1

smartbearsoapuiMatch4.0beta2

smartbearsoapuiMatch4.0.1

smartbearsoapuiMatch4.5

smartbearsoapuiMatch4.5.1

smartbearsoapuiMatch4.5.2

smartbearsoapuiMatch4.6.0

smartbearsoapuiMatch4.6.1

smartbearsoapuiMatch4.6.2

CPENameOperatorVersion
eviware:soapuieviware soapuieq2.5.1
eviware:soapuieviware soapuieq3.0.1
eviware:soapuieviware soapuieq3.5
eviware:soapuieviware soapuieq3.5.1
eviware:soapuieviware soapuieq3.6
eviware:soapuieviware soapuieq3.6.1
smartbear:soapuismartbear soapuile4.6.3
smartbear:soapuismartbear soapuieq4.0
smartbear:soapuismartbear soapuieq4.0.1
smartbear:soapuismartbear soapuieq4.5

CPE	Name	Operator	Version
eviware:soapui	eviware soapui	eq	2.5.1
eviware:soapui	eviware soapui	eq	3.0.1
eviware:soapui	eviware soapui	eq	3.5
eviware:soapui	eviware soapui	eq	3.5.1
eviware:soapui	eviware soapui	eq	3.6
eviware:soapui	eviware soapui	eq	3.6.1
smartbear:soapui	smartbear soapui	le	4.6.3
smartbear:soapui	smartbear soapui	eq	4.0
smartbear:soapui	smartbear soapui	eq	4.0.1
smartbear:soapui	smartbear soapui	eq	4.5