Posted by Barak Engel on Oct 24

Thank you Brandon Perry for finding this vulnerability.

We would like to make a correction to the disclosure – this issue
affects only the Mule Enterprise Management Console (MMC) used by some
customer administrators to manage Mule ESB runtimes, and not the Mule
ESB runtime itself. MMC is typically deployed in a secure network
segment, accessible only to trusted users. Therefore, under normal
conditions, this exploit would originate from an…