Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
14 vulnerabilities by MuleSoft
VAR-201908-0356
Vulnerability from variot - Updated: 2023-12-18 13:43Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. MuleSoft Mule Runtime and MuleSoft API Gateway Contains a path traversal vulnerability.Information may be obtained. Path traversal vulnerabilities exist in Mulesoft API Gateway (all versions), APIkit, http-connector and OAuth2 Provider modules in Mulesoft 3.x and 4.x versions. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201908-0356",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mule runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "4.2.1"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 1.0,
"vendor": "mulesoft",
"version": "*"
},
{
"model": "mule runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "3.2.0"
},
{
"model": "mule runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "4.1.0"
},
{
"model": "mule runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "3.9.3"
},
{
"model": "mule api gateway",
"scope": null,
"trust": 0.8,
"vendor": "mulesoft",
"version": null
},
{
"model": "mule runtime",
"scope": null,
"trust": 0.8,
"vendor": "mulesoft",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mulesoft:api_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.3",
"versionStartIncluding": "3.2.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "4.2.1",
"versionStartIncluding": "4.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15630"
}
]
},
"cve": "CVE-2019-15630",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"integrityImpact": "NONE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.0,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15630",
"impactScore": null,
"integrityImpact": "None",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "Medium",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-147696",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 7.5,
"baseSeverity": "High",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15630",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15630",
"trust": 1.8,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-201908-2262",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-147696",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process. MuleSoft Mule Runtime and MuleSoft API Gateway Contains a path traversal vulnerability.Information may be obtained. Path traversal vulnerabilities exist in Mulesoft API Gateway (all versions), APIkit, http-connector and OAuth2 Provider modules in Mulesoft 3.x and 4.x versions. The vulnerability stems from a network system or product that fails to properly filter resources or special elements in file paths. An attacker could exploit this vulnerability to access locations outside of restricted directories",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "VULHUB",
"id": "VHN-147696"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15630",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147696",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"id": "VAR-201908-0356",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147696"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T13:43:15.881000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mulesoft.com/"
},
{
"title": "Mulesoft API Gateway and Mulesoft APIkit , http-connector and OAuth2 Provider Fixes for module path traversal vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=97773"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-22",
"trust": 1.9
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.6,
"url": "https://help.salesforce.com/apex/htviewsolution?urlname=cve-2019-15630-directory-traversal-in-mulesoft-runtime\u0026language=en_us"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15630"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15630"
},
{
"trust": 0.8,
"url": "https://help.salesforce.com/articleview?id=000350862\u0026language=en_us\u0026type=1\u0026mode=1"
},
{
"trust": 0.1,
"url": "https://help.salesforce.com/apex/htviewsolution?urlname=cve-2019-15630-directory-traversal-in-mulesoft-runtime\u0026amp;language=en_us"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147696"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-08-30T00:00:00",
"db": "VULHUB",
"id": "VHN-147696"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"date": "2019-08-30T17:15:11.940000",
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"date": "2019-08-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-09-05T00:00:00",
"db": "VULHUB",
"id": "VHN-147696"
},
{
"date": "2019-09-09T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-008889"
},
{
"date": "2019-09-05T20:20:44.520000",
"db": "NVD",
"id": "CVE-2019-15630"
},
{
"date": "2019-09-06T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MuleSoft Mule Runtime and MuleSoft API Gateway Path traversal vulnerability",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-008889"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "path traversal",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201908-2262"
}
],
"trust": 0.6
}
}
VAR-201912-0661
Vulnerability from variot - Updated: 2023-12-18 12:56Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. MuleSoft Mule and API Gateway Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201912-0661",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "api gateway",
"scope": "lte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "2.2.12"
},
{
"model": "mule runtime",
"scope": "gte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "3.0.0"
},
{
"model": "api gateway",
"scope": "gte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "2.0.0"
},
{
"model": "mule runtime",
"scope": "lte",
"trust": 1.0,
"vendor": "mulesoft",
"version": "3.9.3"
},
{
"model": "mule api gateway",
"scope": "lt",
"trust": 0.8,
"vendor": "mulesoft",
"version": "2019/10/31 earlier 2.x"
},
{
"model": "mule runtime",
"scope": "lt",
"trust": 0.8,
"vendor": "mulesoft",
"version": "ce 2019/10/31 earlier 3.x"
},
{
"model": "mule runtime",
"scope": "lt",
"trust": 0.8,
"vendor": "mulesoft",
"version": "ee 2019/10/31 earlier 3.x"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.0"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.4"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.8"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.2"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.3"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.6"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.1"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.9"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.7"
},
{
"model": "api gateway",
"scope": "eq",
"trust": 0.6,
"vendor": "mulesoft",
"version": "2.2.5"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:mulesoft:api_gateway:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "2.2.12",
"versionStartIncluding": "2.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:community:*",
"cpe_name": [],
"versionEndIncluding": "3.9.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:enterprise:*:*",
"cpe_name": [],
"versionEndIncluding": "3.9.3",
"versionStartIncluding": "3.0.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15631"
}
]
},
"cve": "CVE-2019-15631",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": false,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"acInsufInfo": null,
"accessComplexity": "Low",
"accessVector": "Network",
"authentication": "None",
"author": "NVD",
"availabilityImpact": "Partial",
"baseScore": 7.5,
"confidentialityImpact": "Partial",
"exploitabilityScore": null,
"id": "CVE-2019-15631",
"impactScore": null,
"integrityImpact": "Partial",
"obtainAllPrivilege": null,
"obtainOtherPrivilege": null,
"obtainUserPrivilege": null,
"severity": "High",
"trust": 0.8,
"userInteractionRequired": null,
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 10.0,
"id": "VHN-147697",
"impactScore": 6.4,
"integrityImpact": "PARTIAL",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
{
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"author": "security@salesforce.com",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
{
"attackComplexity": "Low",
"attackVector": "Network",
"author": "NVD",
"availabilityImpact": "High",
"baseScore": 9.8,
"baseSeverity": "Critical",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2019-15631",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2019-15631",
"trust": 1.8,
"value": "CRITICAL"
},
{
"author": "security@salesforce.com",
"id": "CVE-2019-15631",
"trust": 1.0,
"value": "CRITICAL"
},
{
"author": "CNNVD",
"id": "CNNVD-201912-006",
"trust": 0.6,
"value": "CRITICAL"
},
{
"author": "VULHUB",
"id": "VHN-147697",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. MuleSoft Mule and API Gateway Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state",
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "VULHUB",
"id": "VHN-147697"
}
],
"trust": 1.71
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2019-15631",
"trust": 2.5
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006",
"trust": 0.7
},
{
"db": "VULHUB",
"id": "VHN-147697",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"id": "VAR-201912-0661",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-147697"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T12:56:18.546000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Top Page",
"trust": 0.8,
"url": "https://www.mulesoft.com/"
},
{
"title": "MuleSoft Mule CE/EE and API Gateway Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=105224"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2019-15631"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://help.salesforce.com/articleview?id=000351827\u0026language=en_us\u0026type=1\u0026mode=1"
},
{
"trust": 1.4,
"url": "https://nvd.nist.gov/vuln/detail/cve-2019-15631"
},
{
"trust": 0.8,
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15631"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/mulesoft-mule-runtime-3-x-code-execution-31032"
},
{
"trust": 0.1,
"url": "https://help.salesforce.com/articleview?id=000351827\u0026amp;language=en_us\u0026amp;type=1\u0026amp;mode=1"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-147697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-147697"
},
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-02T00:00:00",
"db": "VULHUB",
"id": "VHN-147697"
},
{
"date": "2019-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"date": "2019-12-02T02:15:10.613000",
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"date": "2019-12-01T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2019-12-13T00:00:00",
"db": "VULHUB",
"id": "VHN-147697"
},
{
"date": "2019-12-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2019-013032"
},
{
"date": "2019-12-13T19:21:03.720000",
"db": "NVD",
"id": "CVE-2019-15631"
},
{
"date": "2019-12-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "remote",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MuleSoft Mule and API Gateway Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2019-013032"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201912-006"
}
],
"trust": 0.6
}
}
CVE-2020-6937 (GCVE-0-2020-6937)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:27 – Updated: 2024-08-04 09:18
VLAI
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000353… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | MuleSoft Mule CE/EE |
Affected:
3.8.x
Affected: 3.9.x Affected: 4.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MuleSoft Mule CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.8.x"
},
{
"status": "affected",
"version": "3.9.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:27:33.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2020-6937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MuleSoft Mule CE/EE",
"version": {
"version_data": [
{
"version_value": "3.8.x"
},
{
"version_value": "3.9.x"
},
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "CONFIRM",
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2020-6937",
"datePublished": "2020-05-29T21:27:33.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10991 (GCVE-0-2020-10991)
Vulnerability from cvelistv5 – Published: 2020-03-26 23:42 – Updated: 2024-08-04 11:21
VLAI
Summary
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/mulesoft/apikit/issues/547 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mulesoft/apikit/issues/547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T23:42:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mulesoft/apikit/issues/547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mulesoft/apikit/issues/547",
"refsource": "MISC",
"url": "https://github.com/mulesoft/apikit/issues/547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10991",
"datePublished": "2020-03-26T23:42:13.000Z",
"dateReserved": "2020-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15631 (GCVE-0-2019-15631)
Vulnerability from cvelistv5 – Published: 2019-12-02 01:44 – Updated: 2024-08-05 00:56
VLAI
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
Severity
9.8 (Critical)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000351… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MuleSoft | Mule CE/EE 3.x |
Affected:
released before October 31, 2019
|
|
| MuleSoft | Mule API Gateway 2.x |
Affected:
released before October 31, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mule CE/EE 3.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
},
{
"product": "Mule API Gateway 2.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T01:44:27.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mule CE/EE 3.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
},
{
"product_name": "Mule API Gateway 2.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
}
]
},
"vendor_name": "MuleSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "MISC",
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15631",
"datePublished": "2019-12-02T01:44:27.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:20.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13116 (GCVE-0-2019-13116)
Vulnerability from cvelistv5 – Published: 2019-10-16 19:06 – Updated: 2024-08-04 23:41
VLAI
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.mulesoft.com/release-notes/mule-runt… | x_refsource_MISC |
| https://threat.tevora.com/mulesoft-3-8-unauthenti… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T21:39:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes",
"refsource": "MISC",
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"name": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/",
"refsource": "MISC",
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13116",
"datePublished": "2019-10-16T19:06:39.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15630 (GCVE-0-2019-15630)
Vulnerability from cvelistv5 – Published: 2019-08-30 16:56 – Updated: 2024-08-05 00:56
VLAI
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/apex/HTViewSolution?u… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Salesforce, Inc. | Mulesoft |
Affected:
3.x and 4.x released before August 1 2019
|
|
| Salesforce, Inc. | Mulesoft API Gateway |
Affected:
All versions
|
Date Public
2019-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mulesoft",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "3.x and 4.x released before August 1 2019"
}
]
},
{
"product": "Mulesoft API Gateway",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2019-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:21:26.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mulesoft",
"version": {
"version_data": [
{
"version_value": "3.x and 4.x released before August 1 2019"
}
]
}
},
{
"product_name": "Mulesoft API Gateway",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Salesforce, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US",
"refsource": "MISC",
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15630",
"datePublished": "2019-08-30T16:56:14.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:22.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9000 (GCVE-0-2014-9000)
Vulnerability from cvelistv5 – Published: 2014-11-20 11:00 – Updated: 2024-09-16 22:30
VLAI
Summary
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Oct/107 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2014/Oct/98 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/128799 | x_refsource_MISC |
| http://www.mulesoft.org/documentation/display/cur… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-20T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"name": "http://packetstormsecurity.com/files/128799",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128799"
},
{
"name": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update",
"refsource": "CONFIRM",
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9000",
"datePublished": "2014-11-20T11:00:00.000Z",
"dateReserved": "2014-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:26.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6937 (GCVE-0-2020-6937)
Vulnerability from nvd – Published: 2020-05-29 21:27 – Updated: 2024-08-04 09:18
VLAI
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000353… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | MuleSoft Mule CE/EE |
Affected:
3.8.x
Affected: 3.9.x Affected: 4.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MuleSoft Mule CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.8.x"
},
{
"status": "affected",
"version": "3.9.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:27:33.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2020-6937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MuleSoft Mule CE/EE",
"version": {
"version_data": [
{
"version_value": "3.8.x"
},
{
"version_value": "3.9.x"
},
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "CONFIRM",
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2020-6937",
"datePublished": "2020-05-29T21:27:33.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-10991 (GCVE-0-2020-10991)
Vulnerability from nvd – Published: 2020-03-26 23:42 – Updated: 2024-08-04 11:21
VLAI
Summary
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://github.com/mulesoft/apikit/issues/547 | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T11:21:14.569Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/mulesoft/apikit/issues/547"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-03-26T23:42:13.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/mulesoft/apikit/issues/547"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-10991",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/mulesoft/apikit/issues/547",
"refsource": "MISC",
"url": "https://github.com/mulesoft/apikit/issues/547"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-10991",
"datePublished": "2020-03-26T23:42:13.000Z",
"dateReserved": "2020-03-26T00:00:00.000Z",
"dateUpdated": "2024-08-04T11:21:14.569Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15631 (GCVE-0-2019-15631)
Vulnerability from nvd – Published: 2019-12-02 01:44 – Updated: 2024-08-05 00:56
VLAI
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
Severity
9.8 (Critical)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000351… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MuleSoft | Mule CE/EE 3.x |
Affected:
released before October 31, 2019
|
|
| MuleSoft | Mule API Gateway 2.x |
Affected:
released before October 31, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mule CE/EE 3.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
},
{
"product": "Mule API Gateway 2.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T01:44:27.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mule CE/EE 3.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
},
{
"product_name": "Mule API Gateway 2.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
}
]
},
"vendor_name": "MuleSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "MISC",
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15631",
"datePublished": "2019-12-02T01:44:27.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:20.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13116 (GCVE-0-2019-13116)
Vulnerability from nvd – Published: 2019-10-16 19:06 – Updated: 2024-08-04 23:41
VLAI
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.mulesoft.com/release-notes/mule-runt… | x_refsource_MISC |
| https://threat.tevora.com/mulesoft-3-8-unauthenti… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T21:39:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes",
"refsource": "MISC",
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"name": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/",
"refsource": "MISC",
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13116",
"datePublished": "2019-10-16T19:06:39.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15630 (GCVE-0-2019-15630)
Vulnerability from nvd – Published: 2019-08-30 16:56 – Updated: 2024-08-05 00:56
VLAI
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/apex/HTViewSolution?u… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Salesforce, Inc. | Mulesoft |
Affected:
3.x and 4.x released before August 1 2019
|
|
| Salesforce, Inc. | Mulesoft API Gateway |
Affected:
All versions
|
Date Public
2019-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mulesoft",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "3.x and 4.x released before August 1 2019"
}
]
},
{
"product": "Mulesoft API Gateway",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2019-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:21:26.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mulesoft",
"version": {
"version_data": [
{
"version_value": "3.x and 4.x released before August 1 2019"
}
]
}
},
{
"product_name": "Mulesoft API Gateway",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Salesforce, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US",
"refsource": "MISC",
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15630",
"datePublished": "2019-08-30T16:56:14.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:22.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-9000 (GCVE-0-2014-9000)
Vulnerability from nvd – Published: 2014-11-20 11:00 – Updated: 2024-09-16 22:30
VLAI
Summary
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/fulldisclosure/2014/Oct/107 | mailing-listx_refsource_FULLDISC |
| http://seclists.org/fulldisclosure/2014/Oct/98 | mailing-listx_refsource_FULLDISC |
| http://packetstormsecurity.com/files/128799 | x_refsource_MISC |
| http://www.mulesoft.org/documentation/display/cur… | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T13:33:13.145Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://packetstormsecurity.com/files/128799"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-20T11:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://packetstormsecurity.com/files/128799"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2014-9000",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20141024 Re: Mulesoft ESB Authenticated Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/107"
},
{
"name": "20141022 Mulesoft ESB Authenticated Privilege Escalation",
"refsource": "FULLDISC",
"url": "http://seclists.org/fulldisclosure/2014/Oct/98"
},
{
"name": "http://packetstormsecurity.com/files/128799",
"refsource": "MISC",
"url": "http://packetstormsecurity.com/files/128799"
},
{
"name": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update",
"refsource": "CONFIRM",
"url": "http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2014-9000",
"datePublished": "2014-11-20T11:00:00.000Z",
"dateReserved": "2014-11-19T00:00:00.000Z",
"dateUpdated": "2024-09-16T22:30:26.601Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}