Vulnerabilities > CVE-2021-40684 - Unspecified vulnerability in Talend ESB Runtime 5.1

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

talend

critical

NVD

Published: 2021-09-22

Updated: 2022-07-12

Summary

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.

Vulnerable Configurations

Part	Description	Count
Application	Talend Talend ESB Runtime 5.1	1

References

https://jira.talendforge.org/browse/SF-141
https://help.talend.com/r/en-US/7.3/release-notes-esb-products