Vulnerabilities > Mulesoft

DATE CVE VULNERABILITY TITLE RISK
2020-05-29 CVE-2020-6937 Resource Exhaustion vulnerability in Mulesoft Mule Runtime
A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
network
low complexity
mulesoft CWE-400
5.0
2020-03-27 CVE-2020-10991 XXE vulnerability in Mulesoft APIkit
Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java
network
low complexity
mulesoft CWE-611
7.5
2019-12-02 CVE-2019-15631 Unspecified vulnerability in Mulesoft API Gateway and Mule Runtime
Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
network
low complexity
mulesoft
7.5
2019-10-16 CVE-2019-13116 Deserialization of Untrusted Data vulnerability in Mulesoft Mule Runtime 3.2.0
The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections.
network
low complexity
mulesoft CWE-502
7.5
2019-08-30 CVE-2019-15630 Path Traversal vulnerability in Mulesoft API Gateway and Mule Runtime
Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.
network
low complexity
mulesoft CWE-22
5.0
2014-11-20 CVE-2014-9000 Permissions, Privileges, and Access Controls vulnerability in Mulesoft Mule Enterprise Management Console
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user.
network
low complexity
mulesoft CWE-264
6.5