CVE-2017-16670: Code Injection
First published: Mon Feb 19 2018(Updated: )
The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Smartbear Soapui | =5.3.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2017-16670.
What is the severity of CVE-2017-16670?
The severity of CVE-2017-16670 is high with a CVSS score of 7.8.
What is affected by CVE-2017-16670?
SoapUI version 5.3.0 is affected by CVE-2017-16670.
How can remote attackers exploit CVE-2017-16670?
Remote attackers can exploit CVE-2017-16670 by executing arbitrary Java code via a crafted request parameter in a WSDL project file.
Are there any known fixes for CVE-2017-16670?
There is no known fix for CVE-2017-16670 at the moment.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/weakness
- agent/references
- agent/author
- agent/severity
- agent/event
- agent/description
- agent/first-publish-date
- agent/tags
- vendor/smartbear
- canonical/smartbear soapui
- version/smartbear soapui/5.3.0