CVSS: 9.0EPSS: 0%CPEs: 1EXPL: 0CVE-2020-26118
https://notcve.org/view.php?id=CVE-2020-26118
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system. En SmartBear Collaborator Server versiones hasta 13.3.13302, el uso de la API de Google Web Toolkit (GWT) introduce una vulnerabilidad de deserialización de Java post-autenticación. La clase UpdateMemento de la aplicación acepta un objeto Java serializado directamente del usuario sin sanear apropiadamente. • https://support.smartbear.com/collaborator/docs/general-info/version-history/ver-13/ver-13-0.html https://support.smartbear.com/collaborator/docs/general-info/whats-new.html https://support.smartbear.com/collaborator/docs/server/index.html • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.8EPSS: 2%CPEs: 1EXPL: 3CVE-2020-12835 – Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization
https://notcve.org/view.php?id=CVE-2020-12835
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component. Se detectó un problema en SmartBear ReadyAPI SoapUI Pro versión 3.2.5. Debido al uso no seguro de un protocolo basado en Java RMI en una configuración no segura, un atacante puede inyectar objetos serializados maliciosos en la comunicación, resultando en una ejecución de código remota en el contexto de un componente Network Licensing Protocol del lado del cliente. • http://packetstormsecurity.com/files/157772/Protection-Licensing-Toolkit-ReadyAPI-3.2.5-Code-Execution-Deserialization.html http://seclists.org/fulldisclosure/2020/May/38 https://www.syss.de/fileadmin/dokumente/Publikationen/Advisories/SYSS-2019-039.txt https://www.syss.de/pentest-blog • CWE-502: Deserialization of Untrusted Data •
CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2019-12180
https://notcve.org/view.php?id=CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. Se detectó un problema en SmartBear ReadyAPI versiones hasta 2.8.2 y 3.0.0 y SoapUI versiones hasta 5.5. • https://github.com/0x-nope/CVE-2019-12180 https://lab.mediaservice.net/advisory/2020-04-readyapi-soapui.txt •
CVSS: 9.8EPSS: 2%CPEs: 17EXPL: 3CVE-2019-17495
https://notcve.org/view.php?id=CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method. Una vulnerabilidad de inyección de Cascading Style Sheets (CSS) en Swagger UI versiones anteriores a la versión 3.23.11, permite a atacantes utilizar la técnica de sobrescritura de ruta relativa (RPO) para realizar una exfiltración del valor de campo de entrada basada en CSS, como la exfiltración de un valor de token CSRF. En otras palabras, este producto permite intencionalmente insertar datos JSON no confiables desde servidores remotos, pero no se sabía previamente que (style)@import dentro de los datos JSON era un método de ataque funcional. • https://github.com/ossf-cve-benchmark/CVE-2019-17495 https://github.com/SecT0uch/CVE-2019-17495-test https://github.com/swagger-api/swagger-ui/releases/tag/v3.23.11 https://github.com/tarantula-team/CSS-injection-in-Swagger-UI https://lists.apache.org/thread.html/r103579b01da2d0aa0f672b88f811224bbf8ef493aaad845895955e91%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r3acb7e494cf1aab99b6784b7c5bbddfd0d4f8a484ab534c3a61ef9cf%40%3Ccommits.airflow.apache.org%3E https://lists.apache.org/thread.html/r84b3 • CWE-352: Cross-Site Request Forgery (CSRF) •
CVSS: 9.3EPSS: 20%CPEs: 2EXPL: 2CVE-2018-20580 – ReadyAPI 2.5.0 / 2.6.0 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. La funcionalidad de importación WSDL de SmartBear ReadyAPI,versiones 2.5.0 y 2.6.0, permite a los atacantes remotos ejecutar código Java arbitrario a través de un parámetro de solicitud creado en un archivo WSDL. ReadyAPI versions 2.5.0 and 2.6.0 suffer from a remote code execution vulnerability. • https://www.exploit-db.com/exploits/46796 https://github.com/gscamelo/CVE-2018-20580 http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html https://vimeo.com/332912402 https://vimeo.com/332912473 • CWE-20: Improper Input Validation •