Search criteria
8 vulnerabilities found for mule_runtime by mulesoft
CVE-2020-6937 (GCVE-0-2020-6937)
Vulnerability from cvelistv5 – Published: 2020-05-29 21:27 – Updated: 2024-08-04 09:18
VLAI
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000353… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | MuleSoft Mule CE/EE |
Affected:
3.8.x
Affected: 3.9.x Affected: 4.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MuleSoft Mule CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.8.x"
},
{
"status": "affected",
"version": "3.9.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:27:33.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2020-6937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MuleSoft Mule CE/EE",
"version": {
"version_data": [
{
"version_value": "3.8.x"
},
{
"version_value": "3.9.x"
},
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "CONFIRM",
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2020-6937",
"datePublished": "2020-05-29T21:27:33.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15631 (GCVE-0-2019-15631)
Vulnerability from cvelistv5 – Published: 2019-12-02 01:44 – Updated: 2024-08-05 00:56
VLAI
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
Severity
9.8 (Critical)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000351… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MuleSoft | Mule CE/EE 3.x |
Affected:
released before October 31, 2019
|
|
| MuleSoft | Mule API Gateway 2.x |
Affected:
released before October 31, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mule CE/EE 3.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
},
{
"product": "Mule API Gateway 2.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T01:44:27.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mule CE/EE 3.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
},
{
"product_name": "Mule API Gateway 2.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
}
]
},
"vendor_name": "MuleSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "MISC",
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15631",
"datePublished": "2019-12-02T01:44:27.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:20.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13116 (GCVE-0-2019-13116)
Vulnerability from cvelistv5 – Published: 2019-10-16 19:06 – Updated: 2024-08-04 23:41
VLAI
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.mulesoft.com/release-notes/mule-runt… | x_refsource_MISC |
| https://threat.tevora.com/mulesoft-3-8-unauthenti… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T21:39:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes",
"refsource": "MISC",
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"name": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/",
"refsource": "MISC",
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13116",
"datePublished": "2019-10-16T19:06:39.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15630 (GCVE-0-2019-15630)
Vulnerability from cvelistv5 – Published: 2019-08-30 16:56 – Updated: 2024-08-05 00:56
VLAI
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/apex/HTViewSolution?u… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Salesforce, Inc. | Mulesoft |
Affected:
3.x and 4.x released before August 1 2019
|
|
| Salesforce, Inc. | Mulesoft API Gateway |
Affected:
All versions
|
Date Public
2019-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mulesoft",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "3.x and 4.x released before August 1 2019"
}
]
},
{
"product": "Mulesoft API Gateway",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2019-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:21:26.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mulesoft",
"version": {
"version_data": [
{
"version_value": "3.x and 4.x released before August 1 2019"
}
]
}
},
{
"product_name": "Mulesoft API Gateway",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Salesforce, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US",
"refsource": "MISC",
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15630",
"datePublished": "2019-08-30T16:56:14.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:22.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-6937 (GCVE-0-2020-6937)
Vulnerability from nvd – Published: 2020-05-29 21:27 – Updated: 2024-08-04 09:18
VLAI
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
Severity
No CVSS data available.
CWE
- Denial of Service
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000353… | x_refsource_CONFIRM |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| n/a | MuleSoft Mule CE/EE |
Affected:
3.8.x
Affected: 3.9.x Affected: 4.x |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T09:18:02.520Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "MuleSoft Mule CE/EE",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "3.8.x"
},
{
"status": "affected",
"version": "3.9.x"
},
{
"status": "affected",
"version": "4.x"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Denial of Service",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-05-29T21:27:33.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2020-6937",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "MuleSoft Mule CE/EE",
"version": {
"version_data": [
{
"version_value": "3.8.x"
},
{
"version_value": "3.9.x"
},
{
"version_value": "4.x"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Denial of Service"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "CONFIRM",
"url": "https://help.salesforce.com/articleView?id=000353701\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2020-6937",
"datePublished": "2020-05-29T21:27:33.000Z",
"dateReserved": "2020-01-13T00:00:00.000Z",
"dateUpdated": "2024-08-04T09:18:02.520Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15631 (GCVE-0-2019-15631)
Vulnerability from nvd – Published: 2019-12-02 01:44 – Updated: 2024-08-05 00:56
VLAI
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
Severity
9.8 (Critical)
CWE
- Remote Code Execution
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/articleView?id=000351… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| MuleSoft | Mule CE/EE 3.x |
Affected:
released before October 31, 2019
|
|
| MuleSoft | Mule API Gateway 2.x |
Affected:
released before October 31, 2019
|
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:20.902Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mule CE/EE 3.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
},
{
"product": "Mule API Gateway 2.x",
"vendor": "MuleSoft",
"versions": [
{
"status": "affected",
"version": "released before October 31, 2019"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Remote Code Execution",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-12-02T01:44:27.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15631",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mule CE/EE 3.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
},
{
"product_name": "Mule API Gateway 2.x",
"version": {
"version_data": [
{
"version_value": "released before October 31, 2019"
}
]
}
}
]
},
"vendor_name": "MuleSoft"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Remote Code Execution"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1",
"refsource": "MISC",
"url": "https://help.salesforce.com/articleView?id=000351827\u0026language=en_US\u0026type=1\u0026mode=1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15631",
"datePublished": "2019-12-02T01:44:27.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:20.902Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-13116 (GCVE-0-2019-13116)
Vulnerability from nvd – Published: 2019-10-16 19:06 – Updated: 2024-08-04 23:41
VLAI
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://docs.mulesoft.com/release-notes/mule-runt… | x_refsource_MISC |
| https://threat.tevora.com/mulesoft-3-8-unauthenti… | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T23:41:10.467Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T21:39:56.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-13116",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes",
"refsource": "MISC",
"url": "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes"
},
{
"name": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/",
"refsource": "MISC",
"url": "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-13116",
"datePublished": "2019-10-16T19:06:39.000Z",
"dateReserved": "2019-06-30T00:00:00.000Z",
"dateUpdated": "2024-08-04T23:41:10.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-15630 (GCVE-0-2019-15630)
Vulnerability from nvd – Published: 2019-08-30 16:56 – Updated: 2024-08-05 00:56
VLAI
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
Severity
No CVSS data available.
CWE
- Directory Traversal (Local File Inclusion)
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://help.salesforce.com/apex/HTViewSolution?u… | x_refsource_MISC |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Salesforce, Inc. | Mulesoft |
Affected:
3.x and 4.x released before August 1 2019
|
|
| Salesforce, Inc. | Mulesoft API Gateway |
Affected:
All versions
|
Date Public
2019-08-30 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T00:56:22.135Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Mulesoft",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "3.x and 4.x released before August 1 2019"
}
]
},
{
"product": "Mulesoft API Gateway",
"vendor": "Salesforce, Inc.",
"versions": [
{
"status": "affected",
"version": "All versions"
}
]
}
],
"datePublic": "2019-08-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Directory Traversal (Local File Inclusion)",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-09-03T18:21:26.000Z",
"orgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"shortName": "Salesforce"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@salesforce.com",
"ID": "CVE-2019-15630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Mulesoft",
"version": {
"version_data": [
{
"version_value": "3.x and 4.x released before August 1 2019"
}
]
}
},
{
"product_name": "Mulesoft API Gateway",
"version": {
"version_data": [
{
"version_value": "All versions"
}
]
}
}
]
},
"vendor_name": "Salesforce, Inc."
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Directory Traversal (Local File Inclusion)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US",
"refsource": "MISC",
"url": "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime\u0026language=en_US"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c9b25dee-ae6d-4083-ba23-638c500cc364",
"assignerShortName": "Salesforce",
"cveId": "CVE-2019-15630",
"datePublished": "2019-08-30T16:56:14.000Z",
"dateReserved": "2019-08-26T00:00:00.000Z",
"dateUpdated": "2024-08-05T00:56:22.135Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}