CVE-2019-12180

Name of the Vulnerable Software and Affected Versions SmartBear ReadyAPI versions 2.8.2 through 3.0.0 SoapUI version 5.5

Description An issue was discovered that allows an attacker to execute arbitrary Groovy Language code on the victim machine by inducing it to open a malicious project. This occurs because the Groovy "Load Script" is automatically executed when opening a project. The same issue is present in the "Save Script" function, which is executed automatically when saving a project.

Recommendations For SmartBear ReadyAPI versions 2.8.2 through 3.0.0, consider disabling the Groovy "Load Script" and "Save Script" functions until a patch is available. For SoapUI version 5.5, consider disabling the Groovy "Load Script" and "Save Script" functions until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.