MuleSoft, the company that manufactures middleware, or integration software,has found a
security flaw in the engine MuleSoft and in the API Gateway, two of the most
popular products of the company.
This flaw was reported by MuleSoft which sent an email to
its clients. In this email it was specified that they had to install the latest
software updates in which the vulnerabilities had been fixed. It was also emphasized that this communication should not be spread, as they did not want to make the security flaw public,
but within a few hours it had already leaked on the social network Twitter.
The security flaw caused an attacker to be able to
upload a file to a system from any location. Given this possibility, it could be uploaded malwareto the device, pudiendo obtener acceso a todo el sistema.
MuleSoft ha puesto el mayor esfuerzo para solucionar este
asunto. Antes de notificar a nadie, solucionaron la vulnerabilidad en secreto y notificaron el incidente a todos sus clientes. La actualización ya se encuentra disponible y se recomienda actualizar los sistemas que implementen el software vulnerable.