The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
2014-01-25T01:55:05.973
2025-04-11T00:51:21.963
Deferred
CVSSv2: 9.3 (HIGH)
AV:N/AC:M/Au:N/C:C/I:C/A:C
8.6
10.0
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | eviware | soapui | 2.5.1 | Yes |
| Application | eviware | soapui | 3.0.1 | Yes |
| Application | eviware | soapui | 3.5 | Yes |
| Application | eviware | soapui | 3.5.1 | Yes |
| Application | eviware | soapui | 3.6 | Yes |
| Application | eviware | soapui | 3.6.1 | Yes |
| Application | smartbear | soapui | ≤ 4.6.3 | Yes |
| Application | smartbear | soapui | 4.0 | Yes |
| Application | smartbear | soapui | 4.0 | Yes |
| Application | smartbear | soapui | 4.0 | Yes |
| Application | smartbear | soapui | 4.0.1 | Yes |
| Application | smartbear | soapui | 4.5 | Yes |
| Application | smartbear | soapui | 4.5.1 | Yes |
| Application | smartbear | soapui | 4.5.2 | Yes |
| Application | smartbear | soapui | 4.6.0 | Yes |
| Application | smartbear | soapui | 4.6.1 | Yes |
| Application | smartbear | soapui | 4.6.2 | Yes |