Vulnerability Details CVE-2019-12180
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.083
EPSS Ranking 91.8%
CVSS Severity
CVSS v3 Score 7.8
CVSS v2 Score 9.3
References
Products affected by CVE-2019-12180
-
cpe:2.3:a:smartbear:readyapi:3.0
-
cpe:2.3:a:smartbear:soapui:1.0
-
cpe:2.3:a:smartbear:soapui:1.0.1
-
cpe:2.3:a:smartbear:soapui:1.0.2
-
cpe:2.3:a:smartbear:soapui:1.0.3
-
cpe:2.3:a:smartbear:soapui:1.5
-
cpe:2.3:a:smartbear:soapui:1.6
-
cpe:2.3:a:smartbear:soapui:1.7
-
cpe:2.3:a:smartbear:soapui:1.7.1
-
cpe:2.3:a:smartbear:soapui:1.7.5
-
cpe:2.3:a:smartbear:soapui:1.7.6
-
cpe:2.3:a:smartbear:soapui:2.0
-
cpe:2.3:a:smartbear:soapui:2.0.1
-
cpe:2.3:a:smartbear:soapui:2.0.2
-
cpe:2.3:a:smartbear:soapui:2.5
-
cpe:2.3:a:smartbear:soapui:2.5.1
-
cpe:2.3:a:smartbear:soapui:3.0
-
cpe:2.3:a:smartbear:soapui:3.0.1
-
cpe:2.3:a:smartbear:soapui:3.5
-
cpe:2.3:a:smartbear:soapui:3.5.1
-
cpe:2.3:a:smartbear:soapui:3.6
-
cpe:2.3:a:smartbear:soapui:3.6.1
-
cpe:2.3:a:smartbear:soapui:4.0
-
cpe:2.3:a:smartbear:soapui:4.0.1
-
cpe:2.3:a:smartbear:soapui:4.5
-
cpe:2.3:a:smartbear:soapui:4.5.0
-
cpe:2.3:a:smartbear:soapui:4.5.1
-
cpe:2.3:a:smartbear:soapui:4.5.2
-
cpe:2.3:a:smartbear:soapui:4.6.0
-
cpe:2.3:a:smartbear:soapui:4.6.1
-
cpe:2.3:a:smartbear:soapui:4.6.2
-
cpe:2.3:a:smartbear:soapui:4.6.3
-
cpe:2.3:a:smartbear:soapui:4.6.4
-
cpe:2.3:a:smartbear:soapui:5.0.0
-
cpe:2.3:a:smartbear:soapui:5.1.2
-
cpe:2.3:a:smartbear:soapui:5.1.3
-
cpe:2.3:a:smartbear:soapui:5.2
-
cpe:2.3:a:smartbear:soapui:5.2.0
-
cpe:2.3:a:smartbear:soapui:5.2.1
-
cpe:2.3:a:smartbear:soapui:5.3
-
cpe:2.3:a:smartbear:soapui:5.3.0
-
cpe:2.3:a:smartbear:soapui:5.4
-
cpe:2.3:a:smartbear:soapui:5.5