Vulnerabilities (CVE)

Filtered by vendor Mulesoft Subscribe
Total 6 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2020-6937 1 Mulesoft 1 Mule Runtime 2024-11-21 5.0 MEDIUM 7.5 HIGH
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-10991 1 Mulesoft 1 Aplkit 2024-11-21 7.5 HIGH 9.8 CRITICAL
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
CVE-2019-15631 1 Mulesoft 2 Api Gateway, Mule Runtime 2024-11-21 7.5 HIGH 9.8 CRITICAL
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
CVE-2019-15630 1 Mulesoft 2 Api Gateway, Mule Runtime 2024-11-21 5.0 MEDIUM 7.5 HIGH
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
CVE-2019-13116 1 Mulesoft 1 Mule Runtime 2024-11-21 7.5 HIGH 9.8 CRITICAL
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
CVE-2014-9000 1 Mulesoft 1 Mule Enterprise Management Console 2024-11-21 6.5 MEDIUM N/A
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.