CVE-2018-20580

Published: May 3, 2019Modified: Nov 21, 2024

8.8

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

Affected (2)

Products: Smartbear: Readyapi

Smartbear

1 product

Readyapi

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Smartbear Readyapi	Version 2.5.0
Smartbear Readyapi	Version 2.6.0

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (10)

http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html

Source: cve@mitre.org

https://github.com/gscamelo/CVE-2018-20580

Source: cve@mitre.org

ExploitThird Party Advisory

https://vimeo.com/332912402

Source: cve@mitre.org

https://vimeo.com/332912473

Source: cve@mitre.org

https://www.exploit-db.com/exploits/46796/

Source: cve@mitre.org

http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html