CVE-2021-1628: 
MuleSoft Mule vulnerability analysis and mitigation

MuleSoft reported an XML External Entity (XXE) vulnerability (CVE-2021-1628) affecting their Mule runtime component. The vulnerability impacts both CloudHub and on-premise customers using Mule 4.x runtime versions released before February 2, 2021. This vulnerability was disclosed on March 26, 2021 (NVD).

The vulnerability has been assigned a CVSS v3.1 base score of 9.8 (Critical) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H. This indicates that the vulnerability can be exploited over the network, requires low attack complexity, needs no privileges or user interaction, and can result in high impact to confidentiality, integrity, and availability. The vulnerability is classified as CWE-611, which relates to Improper Restriction of XML External Entity Reference (NVD).

The XXE vulnerability could potentially allow attackers to disclose sensitive information, modify system files, cause denial of service, or execute remote code on affected systems. Given the CVSS score of 9.8, this vulnerability represents a critical risk to affected organizations (NVD).

Organizations using affected versions of Mule runtime should upgrade to versions released after February 2, 2021. This update addresses the XXE vulnerability (Vendor Advisory).