SmartBear SoapUI CVE-2019-12180 Arbitrary Code Execution Vulnerability

description-logoDescription

An issue was discovered in SmartBear SoapUI through 5.5. When opening a project, the Groovy \"Load Script\" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the \"Save Script\" function, which is executed automatically when saving a project.

affected-products-logoAffected Applications

SoapUI

CVE References

CVE-2019-12180