CVE-2014-9000

Опубликовано: 20 нояб. 2014

Источник: nvd

CVSS2: 6.5

EPSS Средний

Описание

Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.

Ссылки

http://packetstormsecurity.com/files/128799
Exploit
http://seclists.org/fulldisclosure/2014/Oct/107
Exploit
http://seclists.org/fulldisclosure/2014/Oct/98
Exploit
http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update
Vendor Advisory
http://packetstormsecurity.com/files/128799
Exploit
http://seclists.org/fulldisclosure/2014/Oct/107
Exploit
http://seclists.org/fulldisclosure/2014/Oct/98
Exploit
http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mulesoft:mule_enterprise_management_console:-:*:*:*:*:*:*:*

EPSS

Процентиль: 94%

0.15125

Средний

6.5 Medium

CVSS2

Дефекты

CWE-264

Связанные уязвимости

GHSA-fcxw-jr7h-j53p

github

больше 3 лет назад