Vulnerabilities > Smartbear
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-01-11 | CVE-2020-26118 | Deserialization of Untrusted Data vulnerability in Smartbear Collaborator In SmartBear Collaborator Server through 13.3.13302, use of the Google Web Toolkit (GWT) API introduces a post-authentication Java deserialization vulnerability. | 8.8 |
| 2020-05-20 | CVE-2020-12835 | Deserialization of Untrusted Data vulnerability in Smartbear Readyapi 3.2.5 An issue was discovered in SmartBear ReadyAPI SoapUI Pro 3.2.5. | 9.8 |
| 2020-02-05 | CVE-2019-12180 | Unspecified vulnerability in Smartbear Readyapi and Soapui An issue was discovered in SmartBear ReadyAPI through 2.8.2 and 3.0.0 and SoapUI through 5.5. | 7.8 |
| 2019-12-20 | CVE-2016-1000229 | Cross-site Scripting vulnerability in multiple products swagger-ui has XSS in key names | 6.1 |
| 2019-10-10 | CVE-2019-17495 | Cross-Site Request Forgery (CSRF) vulnerability in multiple products A Cascading Style Sheets (CSS) injection vulnerability in Swagger UI before 3.23.11 allows attackers to use the Relative Path Overwrite (RPO) technique to perform CSS-based input field value exfiltration, such as exfiltration of a CSRF token value. | 9.8 |
| 2019-05-03 | CVE-2018-20580 | Improper Input Validation vulnerability in Smartbear Readyapi 2.5.0/2.6.0 The WSDL import functionality in SmartBear ReadyAPI 2.5.0 and 2.6.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. | 8.8 |
| 2018-02-19 | CVE-2017-16670 | Code Injection vulnerability in Smartbear Soapui 5.3.0 The project import functionality in SoapUI 5.3.0 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL project file. | 7.8 |
| 2017-04-10 | CVE-2016-5682 | Cross-site Scripting vulnerability in Smartbear Swagger-Ui Swagger-UI before 2.2.1 has XSS via the Default field in the Definitions section. | 6.1 |