CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Mulesoft: >> Mule Enterprise Management Console Security Vulnerabilities

CVE-2014-9000

Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.

CVSS Score

6.5

EPSS Score

0.151

Published

2014-11-20

Page 1

Vulnerabilities

Vulnerable Software

Mulesoft: >> Mule Enterprise Management Console Security Vulnerabilities

Products

Pricing

Contact Us