CVSS: 9.3EPSS: 0%CPEs: 2EXPL: 2CVE-2019-12180
https://notcve.org/view.php?id=CVE-2019-12180
05 Feb 2020 — An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project. Se detectó un problema en SmartBear ReadyAPI versiones hasta 2.8.2 y 3.0... • https://github.com/0x-nope/CVE-2019-12180 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-16670 – SoapUI 5.3.0 Code Execution
https://notcve.org/view.php?id=CVE-2017-16670
11 Feb 2018 — The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. a funcionalidad de importación de proyectos en SoapUI 5.3.0 permite que los atacantes remotos ejecuten código Java arbitrario mediante un parámetro request manipulado en un archivo de proyecto WSDL. SoapUI suffers from an arbitrary code execution vulnerability via a maliciously imported project. • https://packetstorm.news/files/id/146339 • CWE-94: Improper Control of Generation of Code ('Code Injection') •