CVE Vulnerabilities

CVE-2019-12180

Published: Feb 05, 2020 | Modified: Aug 24, 2020
CVSS 3.x
7.8
HIGH
Source:
NVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS 2.x
9.3 HIGH
AV:N/AC:M/Au:N/C:C/I:C/A:C
RedHat/V2
RedHat/V3
Ubuntu

An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy Load Script is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the Save Script function, which is executed automatically when saving a project.

Affected Software

Name Vendor Start Version End Version
Readyapi Smartbear 2.8.2 (including) 3.0.0 (including)
Soapui Smartbear * 5.5 (including)

References