High severityNVD Advisory· Published Jan 25, 2014· Updated Jun 17, 2026
CVE-2014-1202
CVE-2014-1202
Description
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
com.smartbear.soapui:soapuiMaven | < 4.6.4 | 4.6.4 |
Affected products
18cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:eviware:soapui:2.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6:*:*:*:*:*:*:*
- cpe:2.3:a:eviware:soapui:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:*+ 10 more
- cpe:2.3:a:smartbear:soapui:*:*:*:*:*:*:*:*range: <=4.6.3
- cpe:2.3:a:smartbear:soapui:4.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta1:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.0:beta2:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:smartbear:soapui:4.6.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
8- packetstormsecurity.com/files/124773/SoapUI-Remote-Code-Execution.htmlnvdExploitWEB
- www.exploit-db.com/exploits/30908nvdExploitWEB
- github.com/advisories/GHSA-c2fp-mpmm-cqxvghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2014-1202ghsaADVISORY
- baraktawily.blogspot.com/2014/01/soapui-code-execution-vulnerability-cve.htmlnvdWEB
- github.com/SmartBear/soapui/blob/master/RELEASENOTES.txtnvdWEB
- github.com/SmartBear/soapui/commit/6373165649ad74257493c69dbc0569caa7e6b4a6ghsaWEB
- www.youtube.com/watchnvd
News mentions
0No linked articles in our index yet.