mulesoft 漏洞與 CVE 列表（6）

產品（CPE）: — CVE 數: 6

mulesoft 漏洞概覽

彙總 mulesoft 相關全部產品的 CVE 與安全漏洞情報，包括 CVSS、EPSS、公開時間與漏洞情報資料。

歷史漏洞主要涉及 XXE與路徑處理缺陷等問題，部分漏洞可能導致檔案覆寫，並影響軟體部署與生產負載相關場景。

相關漏洞資料主要來源於公開漏洞披露與安全公告，可用於評估歷史漏洞暴露面與修補優先順序。

漏洞分布趨勢（近 24 個月）

CVE	摘要	來源	最高 CVSS	EPSS %	公開時間	更新時間
CVE-2020-6937	A Denial of Service vulnerability in MuleSoft Mule CE/EE 3.8.x, 3.9.x, and 4.x released before April 7, 2020, could allow remote attackers to submit data which can lead to resource exhaustion.	[email protected]	7.5	0.60%	2020-05-29	2024-11-21
CVE-2020-10991	Mulesoft APIkit through 1.3.0 allows XXE because of validation/RestXmlSchemaValidator.java	[email protected]	9.8	0.38%	2020-03-27	2024-11-21
CVE-2019-15631	Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.	[email protected]	9.8	2.51%	2019-12-02	2024-11-21
CVE-2019-13116	The MuleSoft Mule Community Edition runtime engine before 3.8 allows remote attackers to execute arbitrary code because of Java Deserialization, related to Apache Commons Collections	[email protected]	9.8	2.39%	2019-10-16	2024-11-21
CVE-2019-15630	Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher released before August 1 2019, MuleSoft Mule Runtime 4.1.0 and higher released before August 1 2019, and all versions of MuleSoft API Gateway released before August 1 2019 allow remote attackers to read files accessible to the Mule process.	[email protected]	7.5	0.77%	2019-08-30	2024-11-21
CVE-2014-9000	Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.	[email protected]	6.5	15.12%	2014-11-20	2026-05-06

cvelogic Threat Intelligence