The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file. Rated critical severity (CVSS 9.3), this vulnerability is remotely exploitable. Public exploit code available and EPSS exploitation probability 17.3%.
Code Injection
Java
RCE
Soapui
NVD
Exploit-DB
GitHub
CVSS 2.0
9.3
EPSS
17.3%