CVE Vulnerabilities

CVE-2014-9000

Published: Nov 20, 2014 | Modified: Nov 20, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.5 MEDIUM
AV:N/AC:L/Au:S/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.

Affected Software

Name Vendor Start Version End Version
Mule_enterprise_management_console Mulesoft - (including) - (including)

References