PT-2019-13135 · Mulesoft+1 · Mule Runtime Engine+2

Published

2019-10-16

Updated

2022-05-24

CVE-2019-13116

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions MuleSoft Mule Community Edition versions prior to 3.8 MuleSoft Mule runtime engine versions prior to 3.8.0

Description The issue allows remote attackers to execute arbitrary code due to Java Deserialization, related to Apache Commons Collections. This can be exploited by attackers to gain unauthorized access and control over the system.

Recommendations For MuleSoft Mule Community Edition versions prior to 3.8, update to version 3.8 or later to resolve the issue. For MuleSoft Mule runtime engine versions prior to 3.8.0, update to version 3.8.0 or later to resolve the issue.

Exploit

Fix

Deserialization of Untrusted Data

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-502

Related Identifiers

CVE-2019-13116

GHSA-CVCF-W75C-GW5R

Affected Products

Apache Commons Collections

Mule Community Edition

Mule Runtime Engine

PT-2019-13135 · Mulesoft+1 · Mule Runtime Engine+2

CVE-2019-13116

Weakness Enumeration

Related Identifiers

Affected Products

References · 6