← Back

Mulesoft

mulesoft

6 CVEs • 4 products

Products (4)

Click to collapse
Toggle
Mule Runtime
mule_runtime
4 CVEs
Api Gateway
api_gateway
2 CVEs
Mule Enterprise Management Console
mule_enterprise_management_console
1 CVE
Aplkit
aplkit
1 CVE

CVEs (6)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2020-6937
1Mulesoft
1Mule Runtime
Nov 21, 2024
May 29, 2020
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
CVE-2020-10991
1Mulesoft
1Aplkit
Nov 21, 2024
Mar 27, 2020
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
CVE-2019-15631
1Mulesoft
2Api Gateway
Mule Runtime
Nov 21, 2024
Dec 2, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
CVE-2019-13116
1Mulesoft
1Mule Runtime
Nov 21, 2024
Oct 16, 2019
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
CVE-2019-15630
1Mulesoft
2Api Gateway
Mule Runtime
Nov 21, 2024
Aug 30, 2019
N/A· v4
7.5 HIGH· v3
5.0 MEDIUM· v2
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019,...Show more
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.Show less
CVE-2014-9000
1Mulesoft
1Mule Enterprise Management Console
May 6, 2026
Nov 20, 2014
N/A· v4
N/A· v3
6.5 MEDIUM· v2
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted...Show more
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.Show less