CVE-2014-1202

Eviware Soapui < 4.6.3 - Code Injection

Title source: rule

Description

The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

Exploits (1)

exploitdb WORKING POC
by Barak Tawily · textremotewindows
https://www.exploit-db.com/exploits/30908

References (5)

Scores

EPSS 0.1735
EPSS Percentile 95.1%

Details

CWE
CWE-94
Status published
Products (16)
com.smartbear.soapui/soapui 0 - 4.6.4Maven
eviware/soapui 2.5.1
eviware/soapui 3.0.1
eviware/soapui 3.5
eviware/soapui 3.5.1
eviware/soapui 3.6
eviware/soapui 3.6.1
smartbear/soapui 4.0 (3 CPE variants)
smartbear/soapui 4.0.1
smartbear/soapui 4.5
... and 6 more
Published Jan 25, 2014
Tracked Since Feb 18, 2026