Vulnerabilities > CVE-2022-29943 - XXE vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0

047910
CVSS 6.8 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
COMPLETE
Integrity impact
NONE
Availability impact
NONE
network
low complexity
talend
CWE-611

Summary

Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.