Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2021-1630
CVE-2021-1630:
MuleSoft Mule vulnerability analysis and mitigation
Overview
XML external entity (XXE) vulnerability (CVE-2021-1630) affects certain versions of a Mule runtime component that impacts multiple platforms including CloudHub, GovCloud, Runtime Fabric, Pivotal Cloud Foundry, Private Cloud Edition, and on-premise customers (MITRE CVE).
Technical details
The vulnerability is classified with a CVSS v3.1 Base Score of 7.5 (High), with the following vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N. The metrics indicate this is a network-accessible vulnerability requiring low attack complexity, no privileges, and no user interaction to exploit (AttackerKB).
Impact
The vulnerability could allow unauthorized access to sensitive information through XML external entity attacks. The CVSS metrics indicate high impact on confidentiality while integrity and availability remain unaffected (AttackerKB).
Mitigation and workarounds
Affected organizations should update their Mule runtime component to the latest patched version. The vulnerability was addressed in updates released by Salesforce (Salesforce Advisory).
Additional resources
Source: This report was generated using AI
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management