cbcvebase.

Mulesoft Mule Runtime vulnerabilities

4 known vulnerabilities affecting mulesoft/mule_runtime.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL2HIGH2

Vulnerabilities

Page 1 of 1
CVE-2019-13116P2CRITICALCVSS 9.8fixed in 3.8.02019-10-16
CVE-2019-13116 [CRITICAL] CWE-502 CVE-2019-13116: The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arb The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections
nvd
CVE-2019-15631P3CRITICALCVSS 9.8≥ 3.0.0, ≤ 3.9.32019-12-02
CVE-2019-15631 [CRITICAL] CVE-2019-15631: Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before O Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.
nvd
CVE-2019-15630P3HIGHCVSS 7.5≥ 3.2.0, ≤ 3.9.3≥ 4.1.0, ≤ 4.2.12019-08-30
CVE-2019-15630 [HIGH] CWE-22 CVE-2019-15630: Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runti Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule pr
nvd
CVE-2020-6937P4HIGHCVSS 7.5≥ 3.8.0, ≤ 3.8.7≥ 3.9.0, ≤ 3.9.4+1 more2020-05-29
CVE-2020-6937 [HIGH] CVE-2020-6937: A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.
nvd
Mulesoft Mule Runtime vulnerabilities | cvebase