Vulnerabilities > CVE-2020-12835 - Deserialization of Untrusted Data vulnerability in Smartbear Readyapi 3.2.5

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

smartbear

CWE-502

critical

NVD

Published: 2020-05-20

Updated: 2021-07-21

Summary

An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. Due to unsafe use of an Java RMI based protocol in an unsafe configuration, an attacker can inject malicious serialized objects into the communication, resulting in remote code execution in the context of a client-side Network Licensing Protocol component.

Vulnerable Configurations

Part	Description	Count
Application	Smartbear Smartbear Readyapi 3.2.5	1

Common Weakness Enumeration (CWE)

CWE-502 - Deserialization of Untrusted Data

Packetstorm

data source	https://packetstormsecurity.com/files/download/157772/SYSS-2019-039.txt
id	PACKETSTORM:157772
last seen	2020-05-20
published	2020-05-19
reporter	Moritz Bechler
source	https://packetstormsecurity.com/files/157772/Protection-Licensing-Toolkit-ReadyAPI-3.2.5-Code-Execution-Deserialization.html
title	Protection Licensing Toolkit ReadyAPI 3.2.5 Code Execution / Deserialization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Packetstorm

References