MuleSoft Mule is a lightweight Java-based enterprise service bus (ESB) and integration platform that enables developers to connect applications quickly and easily, allowing them to exchange data effortlessly. Mule provides a scalable and secure framework for integrating a wide range of on-premises and cloud-based systems.

MuleSoft Mule

MuleSoft is aware of a Server Side Request Forgery vulnerability affecting certain versions of a Mule runtime component that may affect both CloudHub and on-premise customers. This affects: Mule 3.8.x,3.9.x,4.x runtime released before February 2, 2021.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2021-1628	CRITICAL	9.8	MuleSoft Mule	cpe:2.3:a:salesforce:mule	No	Yes	Mar 26, 2021
CVE-2021-1627	CRITICAL	9.8	MuleSoft Mule	cpe:2.3:a:salesforce:mule	No	Yes	Mar 26, 2021
CVE-2021-1626	CRITICAL	9.8	MuleSoft Mule	cpe:2.3:a:salesforce:mule	No	Yes	Mar 26, 2021
CVE-2021-1630	HIGH	7.5	MuleSoft Mule	cpe:2.3:a:salesforce:mule	No	Yes	Aug 05, 2021
CVE-2020-6937	HIGH	7.5	MuleSoft Mule	cpe:2.3:a:mulesoft:mule_runtime	No	Yes	May 29, 2020

CVE-2021-1627:
MuleSoft Mule vulnerability analysis and mitigation

9.8

Related MuleSoft Mule vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2021-1627: MuleSoft Mule vulnerability analysis and mitigation