4 matches found
CVE-2024-7565
CVE-2024-7565 describes a directory traversal vulnerability in SMARTBEAR SoapUI’s unpackageAll function. The flaw stems from insufficient validation of a user-supplied path used in file operations, allowing an attacker to achieve Remote Code Execution in the context of the current user. Exploitat...
CVE-2019-12180
CVE-2019-12180 affects SmartBear ReadyAPI (up to 2.8.2 and 3.0.0) and SoapUI (up to 5.5). The Groovy Load Script (triggered on project open) and Save Script (on save) may execute arbitrary Groovy code on the victim’s machine via a malicious project, enabling code execution. The Red Hat/Redirectio...
CVE-2014-1202
The cvE-2014-1202 entry corresponds to a code injection/remote code execution vulnerability in SoapUI prior to version 4.6.4. The issue arises in the WSDL/WADL import functionality, where a crafted request parameter in a WSDL file can cause arbitrary Java code execution on the client. Affected co...
CVE-2017-16670
The CVE-2017-16670 entry concerns SoapUI 5.3.0, where the project import functionality allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. The vulnerability affects the WSDL/project import path and can lead to code execution with high imp...