soapui vulnerabilities and exploits
9.3
CVSSv2
CVE-2019-12180
An issue exists in SmartBear ReadyAPI up to and including 2.8.2 and 3.0.0 and SoapUI up to and including 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows a malicious user to execute arbitrary Groovy Language code (Java script...
Smartbear Readyapi
Smartbear Soapui
1 Github repository
9.3
CVSSv2
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI prior to 4.6.4 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Smartbear Soapui
Smartbear Soapui 4.6.2
Smartbear Soapui 4.0
Eviware Soapui 3.5.1
Eviware Soapui 3.5
Smartbear Soapui 4.5.1
Smartbear Soapui 4.5
Eviware Soapui 3.0.1
Eviware Soapui 2.5.1
Smartbear Soapui 4.0.1
Eviware Soapui 3.6.1
Eviware Soapui 3.6
Smartbear Soapui 4.6.1
Smartbear Soapui 4.6.0
Smartbear Soapui 4.5.2
1 EDB exploit
7.5
CVSSv2
CVE-2020-12835
An issue exists in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Netwo...
Smartbear Readyapi 3.2.5
6.8
CVSSv2
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
Smartbear Soapui 5.3.0
4
CVSSv2
CVE-2020-2251
Jenkins SoapUI Pro Functional Testing Plugin 1.5 and previous versions transmits project passwords in its configuration in plain text as part of job configuration forms, potentially resulting in their exposure.
Jenkins Jenkins
Jenkins Soapui Pro Functional Testing
4
CVSSv2
CVE-2020-2250
Jenkins SoapUI Pro Functional Testing Plugin 1.3 and previous versions stores project passwords unencrypted in job config.xml files on the Jenkins controller where they can be viewed by attackers with Extended Read permission, or access to the Jenkins controller file system.
Jenkins Soapui Pro Functional Testing