Skip to main content

Api Gateway CVE-2019-15631

CRITICAL
2019-12-02 security@salesforce.com
9.8
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Dec 02, 2019 - 02:15 nvd
CRITICAL 9.8

DescriptionNVD

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code.

AnalysisAI

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. Affected products include: Mulesoft Api Gateway, Mulesoft Mule Runtime.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-5645 CRITICAL POC
9.8 Apr 17

In Apache Log4j 2.x before 2.8.2, when using the TCP socket server or UDP socket server to receive serialized log events

CVE-2018-1000613 CRITICAL
9.8 Jul 09

Legion of the Bouncy Castle Legion of the Bouncy Castle Java Cryptography APIs 1.58 up to but not including 1.60 contain

CVE-2018-5407 MEDIUM POC
4.7 Nov 15

Simultaneous Multi-threading (SMT) in processors can enable local users to exploit software vulnerable to timing attacks

CVE-2017-3601 HIGH
8.1 Apr 24

Vulnerability in the Oracle API Gateway component of Oracle Fusion Middleware (subcomponent: Oracle API Gateway). Rated

CVE-2020-11979 HIGH
7.5 Oct 01

As mitigation for CVE-2020-1945 Apache Ant 1.10.8 changed the permissions of temporary files it created so that only the

CVE-2019-15630 HIGH
7.5 Aug 30

Directory Traversal in APIkit, HTTP connector, and OAuth2 Provider components in MuleSoft Mule Runtime 3.2.0 and higher

CVE-2018-1000180 HIGH
7.5 Jun 05

Bouncy Castle BC 1.54 - 1.59, BC-FJA 1.0.0, BC-FJA 1.0.1 and earlier have a flaw in the Low-level interface to RSA key p

CVE-2016-3118 MEDIUM
6.5 Apr 06

CRLF injection vulnerability in CA API Gateway (formerly Layer7 API Gateway) 7.1 before 7.1.04, 8.0 through 8.3 before 8

CVE-2015-3195 MEDIUM
5.3 Dec 06

The ASN1_TFLG_COMBINE implementation in crypto/asn1/tasn_dec.c in OpenSSL before 0.9.8zh, 1.0.0 before 1.0.0t, 1.0.1 bef

CVE-2020-1971 MEDIUM
5.9 Dec 08

The X.509 GeneralName type is a generic type for representing different types of names. Rated medium severity (CVSS 5.9)

CVE-2019-1559 MEDIUM
5.9 Feb 27

If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, an

CVE-2018-0734 MEDIUM
5.9 Oct 30

The OpenSSL DSA signature algorithm has been shown to be vulnerable to a timing side channel attack. Rated medium severi

Share

CVE-2019-15631 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy