CVE-2018-20580

Опубликовано: 03 мая 2019

Источник: nvd

CVSS3: 8.8

CVSS2: 9.3

EPSS Средний

Описание

The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.

Ссылки

http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html
https://github.com/gscamelo/CVE-2018-20580
Exploit
Third Party Advisory
https://vimeo.com/332912402
https://vimeo.com/332912473
https://www.exploit-db.com/exploits/46796/
http://packetstormsecurity.com/files/152731/ReadyAPI-2.5.0-2.6.0-Remote-Code-Execution.html
https://github.com/gscamelo/CVE-2018-20580
Exploit
Third Party Advisory
https://vimeo.com/332912402
https://vimeo.com/332912473
https://www.exploit-db.com/exploits/46796/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:smartbear:readyapi:2.5.0:*:*:*:*:*:*:*

cpe:2.3:a:smartbear:readyapi:2.6.0:*:*:*:*:*:*:*

EPSS

Процентиль: 97%

0.30875

Средний

8.8 High

CVSS3

9.3 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-rx49-4645-8575