Vulnerabilities related to mulesoft - mule_runtime
cve-2020-6937
Vulnerability from cvelistv5
Published
2020-05-29 21:27
Modified
2024-08-04 09:18
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
References
URL | Tags |
---|---|
https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version |
---|---|---|
n/a | MuleSoft Mule CE/EE | 3.8.x, 3.9.x, 4.x |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T09:18:02.520Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_CONFIRM", "x_transferred", ], url: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "MuleSoft Mule CE/EE", vendor: "n/a", versions: [ { status: "affected", version: "3.8.x", }, { status: "affected", version: "3.9.x", }, { status: "affected", version: "4.x", }, ], }, ], descriptions: [ { lang: "en", value: "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.", }, ], problemTypes: [ { descriptions: [ { description: "Denial of Service", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2020-05-29T21:27:33", orgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", shortName: "Salesforce", }, references: [ { tags: [ "x_refsource_CONFIRM", ], url: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@salesforce.com", ID: "CVE-2020-6937", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "MuleSoft Mule CE/EE", version: { version_data: [ { version_value: "3.8.x", }, { version_value: "3.9.x", }, { version_value: "4.x", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Denial of Service", }, ], }, 
], }, references: { reference_data: [ { name: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", refsource: "CONFIRM", url: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", assignerShortName: "Salesforce", cveId: "CVE-2020-6937", datePublished: "2020-05-29T21:27:33", dateReserved: "2020-01-13T00:00:00", dateUpdated: "2024-08-04T09:18:02.520Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15631
Vulnerability from cvelistv5
Published
2019-12-02 01:44
Modified
2024-08-05 00:56
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
References
URL | Tags |
---|---|
https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
MuleSoft | Mule CE/EE 3.x | released before October 31, 2019 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:20.902Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Mule CE/EE 3.x", vendor: "MuleSoft", versions: [ { status: "affected", version: "released before October 31, 2019", }, ], }, { product: "Mule API Gateway 2.x", vendor: "MuleSoft", versions: [ { status: "affected", version: "released before October 31, 2019", }, ], }, ], descriptions: [ { lang: "en", value: "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.", }, ], metrics: [ { cvssV3_0: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, ], problemTypes: [ { descriptions: [ { description: "Remote Code Execution", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-12-02T01:44:27", orgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", shortName: "Salesforce", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@salesforce.com", ID: "CVE-2019-15631", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Mule CE/EE 3.x", version: { version_data: [ { version_value: "released before October 31, 2019", }, ], }, }, { product_name: "Mule API Gateway 2.x", version: { version_data: [ { 
version_value: "released before October 31, 2019", }, ], }, }, ], }, vendor_name: "MuleSoft", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.", }, ], }, impact: { cvss: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AC:L/AV:N/A:H/C:H/I:H/PR:N/S:U/UI:N", version: "3.0", }, }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Remote Code Execution", }, ], }, ], }, references: { reference_data: [ { name: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", refsource: "MISC", url: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", assignerShortName: "Salesforce", cveId: "CVE-2019-15631", datePublished: "2019-12-02T01:44:27", dateReserved: "2019-08-26T00:00:00", dateUpdated: "2024-08-05T00:56:20.902Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-13116
Vulnerability from cvelistv5
Published
2019-10-16 19:06
Modified
2024-08-04 23:41
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
References
URL | Tags |
---|---|
https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes | x_refsource_MISC |
https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/ | x_refsource_MISC |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-04T23:41:10.467Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", }, { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "n/a", vendor: "n/a", versions: [ { status: "affected", version: "n/a", }, ], }, ], descriptions: [ { lang: "en", value: "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections", }, ], problemTypes: [ { descriptions: [ { description: "n/a", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-10-29T21:39:56", orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", shortName: "mitre", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", }, { tags: [ "x_refsource_MISC", ], url: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "cve@mitre.org", ID: "CVE-2019-13116", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "n/a", version: { version_data: [ { version_value: "n/a", }, ], }, }, ], }, vendor_name: "n/a", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "n/a", }, ], }, ], }, references: { 
reference_data: [ { name: "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", refsource: "MISC", url: "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", }, { name: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", refsource: "MISC", url: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca", assignerShortName: "mitre", cveId: "CVE-2019-13116", datePublished: "2019-10-16T19:06:39", dateReserved: "2019-06-30T00:00:00", dateUpdated: "2024-08-04T23:41:10.467Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
cve-2019-15630
Vulnerability from cvelistv5
Published
2019-08-30 16:56
Modified
2024-08-05 00:56
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
Salesforce, Inc. | Mulesoft | 3.x and 4.x released before August 1 2019 |
{ containers: { adp: [ { providerMetadata: { dateUpdated: "2024-08-05T00:56:22.135Z", orgId: "af854a3a-2127-422b-91ae-364da2661108", shortName: "CVE", }, references: [ { tags: [ "x_refsource_MISC", "x_transferred", ], url: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", }, ], title: "CVE Program Container", }, ], cna: { affected: [ { product: "Mulesoft", vendor: "Salesforce, Inc.", versions: [ { status: "affected", version: "3.x and 4.x released before August 1 2019", }, ], }, { product: "Mulesoft API Gateway", vendor: "Salesforce, Inc.", versions: [ { status: "affected", version: "All versions", }, ], }, ], datePublic: "2019-08-30T00:00:00", descriptions: [ { lang: "en", value: "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.", }, ], problemTypes: [ { descriptions: [ { description: "Directory Traversal (Local File Inclusion)", lang: "en", type: "text", }, ], }, ], providerMetadata: { dateUpdated: "2019-09-03T18:21:26", orgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", shortName: "Salesforce", }, references: [ { tags: [ "x_refsource_MISC", ], url: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", }, ], x_legacyV4Record: { CVE_data_meta: { ASSIGNER: "security@salesforce.com", ID: "CVE-2019-15630", STATE: "PUBLIC", }, affects: { vendor: { vendor_data: [ { product: { product_data: [ { product_name: "Mulesoft", version: { version_data: [ { version_value: "3.x and 4.x released before August 1 2019", }, ], }, }, { product_name: "Mulesoft API Gateway", version: { version_data: [ { version_value: "All versions", 
}, ], }, }, ], }, vendor_name: "Salesforce, Inc.", }, ], }, }, data_format: "MITRE", data_type: "CVE", data_version: "4.0", description: { description_data: [ { lang: "eng", value: "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.", }, ], }, problemtype: { problemtype_data: [ { description: [ { lang: "eng", value: "Directory Traversal (Local File Inclusion)", }, ], }, ], }, references: { reference_data: [ { name: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", refsource: "MISC", url: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", }, ], }, }, }, }, cveMetadata: { assignerOrgId: "c9b25dee-ae6d-4083-ba23-638c500cc364", assignerShortName: "Salesforce", cveId: "CVE-2019-15630", datePublished: "2019-08-30T16:56:14", dateReserved: "2019-08-26T00:00:00", dateUpdated: "2024-08-05T00:56:22.135Z", state: "PUBLISHED", }, dataType: "CVE_RECORD", dataVersion: "5.1", }
Vulnerability from fkie_nvd
Published
2019-10-16 20:15
Modified
2024-11-21 04:24
Summary
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
References
Source | URL | Tags |
---|---|---|
cve@mitre.org | https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes | Release Notes |
cve@mitre.org | https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/ | Exploit, Third Party Advisory |
af854a3a-2127-422b-91ae-364da2661108 | https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes | Release Notes |
af854a3a-2127-422b-91ae-364da2661108 | https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/ | Exploit, Third Party Advisory |
Impacted products
Vendor | Product | Version |
---|---|---|
mulesoft | mule_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "165D43DA-443E-4122-8F32-DE1FBEAEB761", versionEndExcluding: "3.8.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections", }, { lang: "es", value: "El motor de tiempo de ejecución de MuleSoft Mule Community Edition versiones anteriores a 3.8, permite a los atacantes remotos ejecutar código arbitrario debido a la deserialización de Java, relacionada con Apache Commons Collections.", }, ], id: "CVE-2019-13116", lastModified: "2024-11-21T04:24:13.483", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-10-16T20:15:11.103", references: [ { source: "cve@mitre.org", tags: [ "Release Notes", ], url: 
"https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", }, { source: "cve@mitre.org", tags: [ "Exploit", "Third Party Advisory", ], url: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Release Notes", ], url: "https://docs.mulesoft.com/release-notes/mule-runtime/mule-3.8.0-release-notes", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Exploit", "Third Party Advisory", ], url: "https://threat.tevora.com/mulesoft-3-8-unauthenticated-rce/", }, ], sourceIdentifier: "cve@mitre.org", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-502", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2020-05-29 22:15
Modified
2024-11-21 05:36
Summary
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
References
Impacted products
Vendor | Product | Version |
---|---|---|
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:community:*:*:*", matchCriteriaId: "527BE337-26A2-4E94-B133-379F69C0048B", versionEndIncluding: "3.8.7", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "E77E93A9-0721-48D3-AA7E-7BC449602F46", versionEndIncluding: "3.8.7", versionStartIncluding: "3.8.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:community:*:*:*", matchCriteriaId: "7808013B-7B73-4079-9A55-E058095983BA", versionEndIncluding: "3.9.4", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "4D2E1C69-A73F-4AB2-9E51-830A8A0EF893", versionEndIncluding: "3.9.4", versionStartIncluding: "3.9.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:community:*:*:*", matchCriteriaId: "88C1A670-A99C-4183-B887-F6268A4C758E", versionEndIncluding: "4.3.0", versionStartIncluding: "4.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:enterprise:*:*:*", matchCriteriaId: "455F29FB-A4C5-427D-9B40-AC6BB83B48DD", versionEndIncluding: "4.3.0", versionStartIncluding: "4.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.", }, { lang: "es", value: "Una vulnerabilidad de Denegación de Servicio en MuleSoft Mule CE/EE versiones 3.8.x, 3.9.x y 4.x publicada antes del 7 de abril de 2020, podría permitir a atacantes remotos enviar datos que pueden conllevar al agotamiento de recursos.", }, ], id: "CVE-2020-6937", lastModified: "2024-11-21T05:36:22.137", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: 
"MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 5, confidentialityImpact: "NONE", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:N/I:N/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "NONE", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2020-05-29T22:15:10.553", references: [ { source: "security@salesforce.com", tags: [ "Vendor Advisory", ], url: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Vendor Advisory", ], url: "https://help.salesforce.com/articleView?id=000353701&language=en_US&type=1&mode=1", }, ], sourceIdentifier: "security@salesforce.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-12-02 02:15
Modified
2024-11-21 04:29
Summary
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
References
Impacted products
Vendor | Product | Version |
---|---|---|
mulesoft | api_gateway | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mulesoft:api_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "DC61DCD4-5624-473D-9325-14572EDCD561", versionEndIncluding: "2.2.12", versionStartIncluding: "2.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:community:*", matchCriteriaId: "BD243CEB-4A42-4746-A9F3-C3214AEF600E", versionEndIncluding: "3.9.3", versionStartIncluding: "3.0.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:enterprise:*:*", matchCriteriaId: "5C4FA5E7-A41D-4F59-81A5-21A047E9E7E8", versionEndIncluding: "3.9.3", versionStartIncluding: "3.0.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.", }, { lang: "es", value: "Una vulnerabilidad de Ejecución de Código Remota en MuleSoft Mule CE/EE versiones 3.x y API Gateway versiones 2.x publicadas antes del 31 de octubre de 2019, permite a atacantes remotos ejecutar código arbitrario.", }, ], id: "CVE-2019-15631", lastModified: "2024-11-21T04:29:09.993", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "HIGH", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "PARTIAL", baseScore: 7.5, confidentialityImpact: "PARTIAL", integrityImpact: "PARTIAL", vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P", version: "2.0", }, exploitabilityScore: 10, impactScore: 6.4, obtainAllPrivilege: false, obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", 
privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "security@salesforce.com", type: "Secondary", }, ], cvssMetricV31: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "HIGH", baseScore: 9.8, baseSeverity: "CRITICAL", confidentialityImpact: "HIGH", integrityImpact: "HIGH", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", version: "3.1", }, exploitabilityScore: 3.9, impactScore: 5.9, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-12-02T02:15:10.613", references: [ { source: "security@salesforce.com", tags: [ "Third Party Advisory", ], url: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://help.salesforce.com/articleView?id=000351827&language=en_US&type=1&mode=1", }, ], sourceIdentifier: "security@salesforce.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "NVD-CWE-noinfo", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }
Vulnerability from fkie_nvd
Published
2019-08-30 17:15
Modified
2024-11-21 04:29
Summary
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
References
Impacted products
Vendor | Product | Version |
---|---|---|
mulesoft | api_gateway | * |
mulesoft | mule_runtime | * |
mulesoft | mule_runtime | * |
{ configurations: [ { nodes: [ { cpeMatch: [ { criteria: "cpe:2.3:a:mulesoft:api_gateway:*:*:*:*:*:*:*:*", matchCriteriaId: "0A4EE65F-5D59-4DB7-AC4A-8A5B16EC3576", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "4CBDD07A-6C14-4CFD-8AD5-6C900D33BA23", versionEndIncluding: "3.9.3", versionStartIncluding: "3.2.0", vulnerable: true, }, { criteria: "cpe:2.3:a:mulesoft:mule_runtime:*:*:*:*:*:*:*:*", matchCriteriaId: "D24C3B68-2456-4D77-87F1-C0056B871D2E", versionEndIncluding: "4.2.1", versionStartIncluding: "4.1.0", vulnerable: true, }, ], negate: false, operator: "OR", }, ], }, ], cveTags: [], descriptions: [ { lang: "en", value: "Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.", }, { lang: "es", value: "Directory Traversal en APIkit, http connector y OAuth2 Provider components en MuleSoft Mule Runtime versión 3.2.0 y versiones anteriores lanzadas antes del 1 de agosto de 2019, MuleSoft Mule Runtime versión 4.1.0 y versiones anteriores lanzadas antes del 1 de agosto de 2019, y todas las versiones de MuleSoft API Gateway lanzado antes del 1 de agosto de 2019 permiten a los atacantes remotos leer los archivos accesibles para el proceso de Mule.", }, ], id: "CVE-2019-15630", lastModified: "2024-11-21T04:29:09.887", metrics: { cvssMetricV2: [ { acInsufInfo: false, baseSeverity: "MEDIUM", cvssData: { accessComplexity: "LOW", accessVector: "NETWORK", authentication: "NONE", availabilityImpact: "NONE", baseScore: 5, confidentialityImpact: "PARTIAL", integrityImpact: "NONE", vectorString: "AV:N/AC:L/Au:N/C:P/I:N/A:N", version: "2.0", }, exploitabilityScore: 10, impactScore: 2.9, obtainAllPrivilege: false, 
obtainOtherPrivilege: false, obtainUserPrivilege: false, source: "nvd@nist.gov", type: "Primary", userInteractionRequired: false, }, ], cvssMetricV30: [ { cvssData: { attackComplexity: "LOW", attackVector: "NETWORK", availabilityImpact: "NONE", baseScore: 7.5, baseSeverity: "HIGH", confidentialityImpact: "HIGH", integrityImpact: "NONE", privilegesRequired: "NONE", scope: "UNCHANGED", userInteraction: "NONE", vectorString: "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", version: "3.0", }, exploitabilityScore: 3.9, impactScore: 3.6, source: "nvd@nist.gov", type: "Primary", }, ], }, published: "2019-08-30T17:15:11.940", references: [ { source: "security@salesforce.com", tags: [ "Third Party Advisory", ], url: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", }, { source: "af854a3a-2127-422b-91ae-364da2661108", tags: [ "Third Party Advisory", ], url: "https://help.salesforce.com/apex/HTViewSolution?urlname=CVE-2019-15630-Directory-Traversal-in-MuleSoft-Runtime&language=en_US", }, ], sourceIdentifier: "security@salesforce.com", vulnStatus: "Modified", weaknesses: [ { description: [ { lang: "en", value: "CWE-22", }, ], source: "nvd@nist.gov", type: "Primary", }, ], }