PT-2019-13135 · Mulesoft+1 · Mule Runtime Engine+2

Publicado

2019-10-16

Atualizado

2022-05-24

CVE-2019-13116

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MuleSoft Mule Community Edition versions prior to 3.8 MuleSoft Mule runtime engine versions prior to 3.8.0

Description The issue allows remote attackers to execute arbitrary code due to Java Deserialization, related to Apache Commons Collections. This can be exploited by attackers to gain unauthorized access and control over the system.

Recommendations For MuleSoft Mule Community Edition versions prior to 3.8, update to version 3.8 or later to resolve the issue. For MuleSoft Mule runtime engine versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue.

Exploit

Correção

Deserialization of Untrusted Data

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-502

Identificadores relacionados

CVE-2019-13116

GHSA-CVCF-W75C-GW5R

Produtos afetados

Apache Commons Collections

Mule Community Edition

Mule Runtime Engine

PT-2019-13135 · Mulesoft+1 · Mule Runtime Engine+2

CVE-2019-13116

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 6