SMARTBEAR SoapUI unpackageAll 目录遍历远程代码执行漏洞

该 RCE 漏洞的潜在影响非常严重。攻击者可以利用此漏洞在目标系统上执行任意代码，从而完全控制受影响的系统。这可能导致敏感数据泄露、系统被破坏、恶意软件安装，甚至整个网络的控制权被攻陷。由于需要用户交互，攻击者可能需要诱骗用户访问恶意页面或打开恶意文件，但一旦成功，攻击者将拥有极高的权限。

Organizations that heavily rely on SMARTBEAR SoapUI for API testing and development are at significant risk. This includes teams involved in software development, quality assurance, and security testing. Environments where SoapUI is deployed on shared hosting platforms or with limited access controls are particularly vulnerable.

• windows / supply-chain: Monitor PowerShell execution for unusual commands related to file manipulation or code execution within the SoapUI installation directory. Use Windows Defender to scan for suspicious files or processes.

Get-Process -Name SoapUI | Select-Object -ExpandProperty Path

• linux / server: Monitor system logs (journalctl) for errors or warnings related to file access within the SoapUI installation directory. Use lsof to identify processes accessing files within that directory.

lsof /opt/soapui/bin/

• generic web: Check access and error logs for requests containing suspicious file paths or URL parameters that could be exploited for directory traversal. Examine response headers for unexpected content or error messages.

curl -I http://your-soapui-server/malicious_file.xml

1. 2024-11-22Disclosure

   disclosure

1. 已保留2024-08-06
2. 发布日期2024-11-22
3. 修改日期2024-11-26
4. EPSS 更新日期2026-04-02

目前，官方尚未发布修复版本。在无法立即升级的情况下，建议采取以下缓解措施：首先，限制 SoapUI 的访问权限，仅允许必要的用户访问。其次，实施严格的网络安全策略，例如使用防火墙和入侵检测系统来监控和阻止可疑活动。此外，可以考虑使用 Web 应用防火墙 (WAF) 来过滤恶意请求，并定期扫描系统是否存在漏洞。最后，密切关注安全社区的最新信息，以便及时了解新的攻击方法和缓解措施。