Details of VAR-201912-0661

ID

VAR-201912-0661

CVE

CVE-2019-15631

TITLE

MuleSoft Mule and API Gateway Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2019-013032

DESCRIPTION

Remote Code Execution vulnerability in MuleSoft Mule CE/EE 3.x and API Gateway 2.x released before October 31, 2019 allows remote attackers to execute arbitrary code. MuleSoft Mule and API Gateway Has unspecified vulnerabilities.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state

Trust: 1.71

sources: NVD: CVE-2019-15631 // JVNDB: JVNDB-2019-013032 // VULHUB: VHN-147697

AFFECTED PRODUCTS

vendor:	mulesoft	model:	api gateway	scope:	gte	version:	2.0.0	Trust: 1.0
vendor:	mulesoft	model:	mule runtime	scope:	gte	version:	3.0.0	Trust: 1.0
vendor:	mulesoft	model:	mule runtime	scope:	lte	version:	3.9.3	Trust: 1.0
vendor:	mulesoft	model:	api gateway	scope:	lte	version:	2.2.12	Trust: 1.0
vendor:	mulesoft	model:	mule api gateway	scope:	lt	version:	2019/10/31 earlier 2.x	Trust: 0.8
vendor:	mulesoft	model:	mule runtime	scope:	lt	version:	ce 2019/10/31 earlier 3.x	Trust: 0.8
vendor:	mulesoft	model:	mule runtime	scope:	lt	version:	ee 2019/10/31 earlier 3.x	Trust: 0.8
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.0	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.4	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.8	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.2	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.3	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.6	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.1	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.9	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.7	Trust: 0.6
vendor:	mulesoft	model:	api gateway	scope:	eq	version:	2.2.5	Trust: 0.6

sources: JVNDB: JVNDB-2019-013032 // CNNVD: CNNVD-201912-006 // NVD: CVE-2019-15631

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2019-15631
value:	CRITICAL
Trust: 1.0
security@salesforce.com:	CVE-2019-15631
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2019-15631
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201912-006
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-147697
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2019-15631
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-147697
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

security@salesforce.com:	CVE-2019-15631
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8
nvd@nist.gov:	CVE-2019-15631
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: VULHUB: VHN-147697 // JVNDB: JVNDB-2019-013032 // CNNVD: CNNVD-201912-006 // NVD: CVE-2019-15631 // NVD: CVE-2019-15631

PROBLEMTYPE DATA

problemtype:

NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2019-15631

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201912-006

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-201912-006

CONFIGURATIONS

[
  {
    "CVE_data_version": "4.0",
    "nodes": [
      {
        "operator": "OR",
        "cpe_match": [
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:mulesoft:api_gateway"
          },
          {
            "vulnerable": true,
            "cpe22Uri": "cpe:/a:mulesoft:mule_runtime"
          }
        ]
      }
    ]
  }
]

sources: JVNDB: JVNDB-2019-013032

PATCH

title:	Top Page	url:	https://www.mulesoft.com/	Trust: 0.8
title:	MuleSoft Mule CE/EE and API Gateway Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=105224	Trust: 0.6

sources: JVNDB: JVNDB-2019-013032 // CNNVD: CNNVD-201912-006

EXTERNAL IDS

db:	NVD	id:	CVE-2019-15631	Trust: 2.5
db:	JVNDB	id:	JVNDB-2019-013032	Trust: 0.8
db:	CNNVD	id:	CNNVD-201912-006	Trust: 0.7
db:	VULHUB	id:	VHN-147697	Trust: 0.1

sources: VULHUB: VHN-147697 // JVNDB: JVNDB-2019-013032 // CNNVD: CNNVD-201912-006 // NVD: CVE-2019-15631

REFERENCES

url:	https://help.salesforce.com/articleview?id=000351827&language=en_us&type=1&mode=1	Trust: 2.4
url:	https://nvd.nist.gov/vuln/detail/cve-2019-15631	Trust: 1.4
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2019-15631	Trust: 0.8
url:	https://vigilance.fr/vulnerability/mulesoft-mule-runtime-3-x-code-execution-31032	Trust: 0.6
url:	https://help.salesforce.com/articleview?id=000351827&language=en_us&type=1&mode=1	Trust: 0.1

sources: VULHUB: VHN-147697 // JVNDB: JVNDB-2019-013032 // CNNVD: CNNVD-201912-006 // NVD: CVE-2019-15631

SOURCES

db:	VULHUB	id:	VHN-147697
db:	JVNDB	id:	JVNDB-2019-013032
db:	CNNVD	id:	CNNVD-201912-006
db:	NVD	id:	CVE-2019-15631

LAST UPDATE DATE

2024-11-23T22:11:45.169000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-147697	date:	2019-12-13T00:00:00
db:	JVNDB	id:	JVNDB-2019-013032	date:	2019-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201912-006	date:	2019-12-27T00:00:00
db:	NVD	id:	CVE-2019-15631	date:	2024-11-21T04:29:09.993

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-147697	date:	2019-12-02T00:00:00
db:	JVNDB	id:	JVNDB-2019-013032	date:	2019-12-18T00:00:00
db:	CNNVD	id:	CNNVD-201912-006	date:	2019-12-01T00:00:00
db:	NVD	id:	CVE-2019-15631	date:	2019-12-02T02:15:10.613