Vulmon
smartbear vulnerabilities and exploits
9.3
CVSSv2
CVE-2019-12180
An issue exists in SmartBear ReadyAPI up to and including 2.8.2 and 3.0.0 and SoapUI up to and including 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows a malicious user to execute arbitrary Groovy Language code (Java script...
Smartbear Readyapi
Smartbear Soapui
1 Github repository
9.3
CVSSv2
CVE-2018-20580
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Smartbear Readyapi 2.5.0
Smartbear Readyapi 2.6.0
1 EDB exploit
1 Github repository
9.3
CVSSv2
CVE-2014-1202
The WSDL/WADL import functionality in SoapUI prior to 4.6.4 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL file.
Smartbear Soapui
Smartbear Soapui 4.6.2
Smartbear Soapui 4.0
Eviware Soapui 3.5.1
Eviware Soapui 3.5
Smartbear Soapui 4.5.1
Smartbear Soapui 4.5
Eviware Soapui 3.0.1
Eviware Soapui 2.5.1
Smartbear Soapui 4.0.1
Eviware Soapui 3.6.1
Eviware Soapui 3.6
Smartbear Soapui 4.6.1
Smartbear Soapui 4.6.0
Smartbear Soapui 4.5.2
1 EDB exploit
9
CVSSv2
CVE-2020-26118
In SmartBear Collaborator Server up to and including 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without...
Smartbear Collaborator
7.5
CVSSv2
CVE-2020-12835
An issue exists in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of a Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Netwo...
Smartbear Readyapi 3.2.5
7.5
CVSSv2
CVE-2019-17495
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI prior to 3.23.11 allows malicious users to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this pr...
Smartbear Swagger Ui
Oracle Utilities Framework 4.3.0.6.0
Oracle Utilities Framework 4.4.0.0.0
Oracle Banking Digital Experience 19.1
Oracle Utilities Framework 4.4.0.2.0
Oracle Banking Digital Experience 19.2
Oracle Banking Digital Experience 20.1
Oracle Primavera Gateway
Oracle Banking Platform
Oracle Banking Digital Experience 21.1
Oracle Banking Apis
Oracle Banking Apis 19.1
Oracle Banking Apis 19.2
Oracle Banking Apis 20.1
Oracle Banking Apis 21.1
Oracle Banking Digital Experience
4 Github repositories
6.8
CVSSv2
CVE-2017-16670
The project import functionality in SoapUI 5.3.0 allows remote malicious users to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
Smartbear Soapui 5.3.0
4.4
CVSSv2
CVE-2021-21363
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix-like systems, the syste...
Smartbear Swagger-codegen
4.3
CVSSv2
CVE-2021-46708
The swagger-ui-dist package prior to 4.1.3 for Node.js could allow a remote malicious user to hijack the clicking action of the victim. By persuading a victim to visit a malicious Web site, a remote attacker could exploit this vulnerability to hijack the victim's click actio...
Smartbear Swagger-ui-dist
4.3
CVSSv2
CVE-2018-25031
Swagger UI prior to 4.1.3 could allow a remote malicious user to conduct spoofing attacks. By persuading a victim to open a crafted URL, an attacker could exploit this vulnerability to display remote OpenAPI definitions.
Smartbear Swagger Ui
9 Github repositories