SmartBear SoapUI CVE-2019-12180 Arbitrary Code Execution Vulnerability
Description
An issue was discovered in SmartBear SoapUI through 5.5. When opening a project, the Groovy \"Load Script\" is automatically executed. This allows an attacker to execute arbitrary Groovy Language code (Java scripting language) on the victim machine by inducing it to open a malicious Project. The same issue is present in the \"Save Script\" function, which is executed automatically when saving a project.
Affected Applications
SoapUI