CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2019-12180
https://notcve.org/view.php?id=CVE-2019-12180
05 Feb 2020 — An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. Se detectó un problema en SmartBear ReadyAPI versiones hasta 2.8.2 y 3.0... • https://github.com/0x-nope/CVE-2019-12180 •
CVSS: 9.3EPSS: 54%CPEs: 17EXPL: 4CVE-2014-1202 – SoapUI 4.6.3 - Remote Code Execution
https://notcve.org/view.php?id=CVE-2014-1202
14 Jan 2014 — The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. La funcionalidad de importación WSDL/WADL en SoapUI anteriores a 4.6.4 permite a atacantes remotos ejecutar código Java arbitrario a través de parámetros de petición manipulados en un fichero WSDL. SoapUI versions prior to 4.6.4 suffer from a remote code execution vulnerability. • https://packetstorm.news/files/id/124773 • CWE-94: Improper Control of Generation of Code ('Code Injection') •