SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19060.
History

Thu, 19 Dec 2024 19:45:00 +0000

Type Values Removed Values Added
CPEs cpe:2.3:a:smartbear:soapui:.5.7.0:*:*:*:*:*:*:*
Metrics cvssV3_1

{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


Tue, 26 Nov 2024 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Smartbear
Smartbear soapui
CPEs cpe:2.3:a:smartbear:soapui:5.7.0:*:*:*:*:*:*:*
Vendors & Products Smartbear
Smartbear soapui
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 22 Nov 2024 21:45:00 +0000

Type Values Removed Values Added
Description SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of SMARTBEAR SoapUI. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the unpackageAll function. The issue results from the lack of proper validation of a user-supplied path prior to using it in file operations. An attacker can leverage this vulnerability to execute code in the context of the current user. Was ZDI-CAN-19060.
Title SMARTBEAR SoapUI unpackageAll Directory Traversal Remote Code Execution Vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_0

{'score': 7.8, 'vector': 'CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H'}


cve-icon MITRE

Status: PUBLISHED

Assigner: zdi

Published: 2024-11-22T21:32:27.245Z

Updated: 2024-11-26T15:40:08.661Z

Reserved: 2024-08-06T15:58:01.828Z

Link: CVE-2024-7565

cve-icon Vulnrichment

Updated: 2024-11-26T15:40:01.311Z

cve-icon NVD

Status : Analyzed

Published: 2024-11-22T22:15:18.593

Modified: 2024-12-19T19:15:24.127

Link: CVE-2024-7565

cve-icon Redhat

No data.