Vulnerabilities (CVE)

Filtered by vendor Talend Subscribe
Total 17 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-36301 1 Talend 1 Data Catalog 2024-11-21 N/A 7.5 HIGH
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.
CVE-2023-33247 1 Talend 1 Data Catalog 2024-11-21 N/A 7.5 HIGH
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
CVE-2023-31444 1 Talend 1 Studio 2024-11-21 N/A 7.5 HIGH
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
CVE-2023-26264 1 Talend 1 Data Catalog 2024-11-21 N/A 5.5 MEDIUM
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
CVE-2023-26263 1 Talend 1 Data Catalog 2024-11-21 N/A 5.5 MEDIUM
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.
CVE-2022-4818 1 Talend 1 Open Studio For Mdm 2024-11-21 N/A 5.5 MEDIUM
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability.
CVE-2022-45589 1 Talend 1 Esb Runtime 2024-11-21 N/A 7.2 HIGH
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.
CVE-2022-45588 1 Talend 1 Remote Engine Gen 2 2024-11-21 N/A 7.8 HIGH
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
CVE-2022-31648 1 Talend 1 Administration Center 2024-11-21 4.3 MEDIUM 6.1 MEDIUM
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
CVE-2022-30332 1 Talend 1 Administration Center 2024-11-21 N/A 5.3 MEDIUM
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests.
CVE-2022-29943 1 Talend 1 Administration Center 2024-11-21 6.8 MEDIUM 6.5 MEDIUM
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
CVE-2022-29942 1 Talend 1 Administration Center 2024-11-21 4.0 MEDIUM 6.5 MEDIUM
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
CVE-2021-4311 1 Talend 1 Open Studio 2024-11-21 4.9 MEDIUM 5.5 MEDIUM
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability.
CVE-2021-42837 1 Talend 1 Data Catalog 2024-11-21 7.5 HIGH 9.8 CRITICAL
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.
CVE-2021-40684 1 Talend 1 Esb Runtime 2024-11-21 6.4 MEDIUM 9.1 CRITICAL
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
CVE-2014-2228 1 Talend 1 Restlet 2024-11-21 7.5 HIGH 9.8 CRITICAL
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
CVE-2012-2656 1 Talend 1 Restlet 2024-11-21 5.0 MEDIUM 7.5 HIGH
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.