mulesoft 漏洞与 CVE 列表（6）

产品（CPE）: — CVE 数: 6

mulesoft 漏洞概览

汇总 mulesoft 相关全部产品的 CVE 与安全漏洞情报，包括 CVSS、EPSS、公开时间与漏洞情报数据。

历史漏洞主要涉及 XXE与路径处理缺陷等问题，部分漏洞可能导致文件覆盖，并影响软件部署与生产负载相关场景。

相关漏洞数据主要来源于公开漏洞披露与安全公告，可用于评估历史漏洞暴露面与修复优先级。

漏洞分布趋势（近 24 个月）

CVE	摘要	来源	最高 CVSS	EPSS %	公开时间	更新时间
CVE-2020-6937	A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.	[email protected]	7.5	1.24%	2020-05-29	2026-06-16
CVE-2020-10991	Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java	[email protected]	9.8	1.25%	2020-03-26	2026-06-16
CVE-2019-15631	Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.	[email protected]	9.8	2.34%	2019-12-01	2026-06-16
CVE-2019-13116	The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections	[email protected]	9.8	5.13%	2019-10-16	2026-06-16
CVE-2019-15630	Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.	[email protected]	7.5	3.00%	2019-08-30	2026-06-16
CVE-2014-9000	Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.	[email protected]	6.5	8.87%	2014-11-20	2026-06-16

cvelogic Threat Intelligence