SoapUI 5.7.2 - Java (Maven) Vulnerabilities

[vigneshsai05]

Hi Team- Good Day!!!

We are from Vulnerability Management team for our Project. More than 40 plus users are using SoapUI 5.7.2 in our organization.

When we performed vulnerability scans on our laptops using Qualys VMDR, we found out that the latest version of this application still has vulnerable library files within the package.
Now we really need your expertise to fix those vulnerabilities. Your quick response regarding this issue is very much appreciated.
Or if you could provide us with the procedure for creating a support ticket with your technical team, it would be really helpful for us to take this issue further.

Sample Vulnerable library files:

C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\xmltooling-1.3.2-1.jar
C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\xstream-1.4.13.jar
C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\ezmorph-1.0.5.jar
C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\commons-logging-1.1.1.jar
C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\openws-1.4.2-1.jar
C:\Program_Files\SmartBear\SoapUI-5.7.2\lib\opensaml-2.5.1-1.jar

[YOU54F]

you are welcome to fork the project and apply upgrades yourself back for possible inclusion in the main project. :)

the latest release has just gone out 5.8.0 which has several updates so you may wish to run a new scan

https://www.soapui.org/downloads/latest-release/release-notes/

[aronemil]

Hi, that did not help, xstream-1.4.13 still has https://nvd.nist.gov/vuln/detail/CVE-2021-39144 with a known exploit.
Could you please evaluate if this is relevant for the software?