← back
CVE-2014-9000

CVE-2014-9000

EPSS 8.9%
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitrary code via a crafted request that adds a new user. NOTE: this issue was originally reported for ESB Runtime 3.5.1, but it originates in MMC.
Affected products
n/a · n/a
public PoCs found2
cve_referencepacketstormsecurity.com/files/128799unverifiedexploitdbwww.exploit-db.com/exploits/35079unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://packetstormsecurity.com/files/128799http://seclists.org/fulldisclosure/2014/Oct/107http://seclists.org/fulldisclosure/2014/Oct/98http://www.mulesoft.org/documentation/display/current/Mule+Enterprise+Management+Console+Security+Update