Vulnerabilities > Smartbear

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | TAGS | RISK |
|---|---|---|---|---|---|
| 2021-03-11 | CVE-2021-21363 | Unspecified vulnerability in Smartbear Swagger-Codegen | swagger-codegen is an open-source project which contains a template-driven engine to generate documentation, API clients and server stubs in different languages by parsing your OpenAPI / Swagger definition. | smartbear | local, high complexity, 7.0 |
| 2021-01-11 | CVE-2020-26118 | Deserialization of Untrusted Data vulnerability in Smartbear Collaborator | In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. | smartbear, CWE-502 | network, low complexity, 8.8 |
| 2020-05-20 | CVE-2020-12835 | Deserialization of Untrusted Data vulnerability in Smartbear Readyapi 3.2.5 | An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. | smartbear, CWE-502 | network, low complexity, critical, 9.8 |
| 2020-02-05 | CVE-2019-12180 | Unspecified vulnerability in Smartbear Readyapi and Soapui | An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. | smartbear | local, low complexity, 7.8 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products | swagger-ui has XSS in key names | smartbear, redhat, CWE-79 | network, low complexity, 6.1 |
| 2019-10-10 | CVE-2019-17495 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products | A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. | smartbear, oracle, CWE-352 | network, low complexity, critical, 9.8 |
| 2019-05-03 | CVE-2018-20580 | Improper Input Validation vulnerability in Smartbear Readyapi 2.5.0/2.6.0 | The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | smartbear, CWE-20 | network, low complexity, 8.8 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 | The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | smartbear, CWE-94 | local, low complexity, 7.8 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui | Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | smartbear, CWE-79 | network, low complexity, 6.1 |