Smartbear: Security Vulnerabilities
swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. In swagger-codegen before version 2.4.19, on Unix like systems, the system's temporary directory is shared between all users on that system. A collocated user can observe the process of creating a temporary sub directory in the shared temporary directory and race to complete the creation of the temporary subdirectory. This vulnerability is local privilege escalation because the contents of the `outputFolder` can be appended to by an attacker. As such, code written to this directory, when executed can be attacker controlled. For more details refer to the referenced GitHub Security Advisory. This vulnerability is fixed in version 2.4.19. Note this is a distinct vulnerability from CVE-2021-21364.
CVSS Score
5.3
EPSS Score
0.0
Published
2021-03-11
In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. The application's UpdateMemento class accepts a serialized Java object directly from the user without properly sanitizing it. A malicious object can be submitted to the server via an authenticated attacker to execute commands on the underlying system.
CVSS Score
8.8
EPSS Score
0.02
Published
2021-01-11
An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component.
CVSS Score
9.8
EPSS Score
0.165
Published
2020-05-20
An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. When opening a project, the Groovy "Load Script" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project.
CVSS Score
7.8
EPSS Score
0.083
Published
2020-02-05
swagger-ui has XSS in key names
CVSS Score
6.1
EPSS Score
0.049
Published
2019-12-20
A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. In other words, this product intentionally allows the embedding of untrusted JSON data from remote servers, but it was not previously known that <style>@import within the JSON data was a functional attack method.
CVSS Score
9.8
EPSS Score
0.137
Published
2019-10-10
The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVSS Score
8.8
EPSS Score
0.208
Published
2019-05-03
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
CVSS Score
7.8
EPSS Score
0.004
Published
2018-02-19
Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section.
CVSS Score
6.1
EPSS Score
0.005
Published
2017-04-10
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
CVSS Score
9.3
EPSS Score
0.173
Published
2014-01-25