CVE-2018-20580

Name of the Vulnerable Software and Affected Versions: SmartBear ReadyAPI versions 2.5.0 through 2.6.0

Description: The issue concerns the WSDL import functionality, which allows remote attackers to execute arbitrary Java code. This can be achieved by sending a crafted request parameter in a WSDL file.

Recommendations: For SmartBear ReadyAPI versions 2.5.0 through 2.6.0, consider disabling the WSDL import functionality until a patch is available. Restrict access to the WSDL import feature to minimize the risk of exploitation. Avoid using crafted request parameters in WSDL files until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.