Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Mulesoft ESB Runtime Mule Enterprise Management Console 权限许可和访问控制漏洞
Vulnerability Description
Mulesoft ESB Runtime是美国Mulesoft公司的一套基于ESB架构的消息平台。Mule Enterprise Management Console(MMC)是其中的一个ESB资源管理控制台。 Mulesoft ESB Runtime MMC中存在安全漏洞,该漏洞源于程序没有正确限制handler/securityService.rpc文件的访问。远程攻击者可通过发送特制的请求利用该漏洞获取管理员权限,执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A