8.020230221

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

NONE

network

low complexity

talend

NVD

Published: 2023-05-26

Updated: 2023-06-02

Summary

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)

Vulnerable Configurations

Part	Description	Count
Application	Talend Talend Data Catalog - Talend Data Catalog 7.3-20210930 Talend Data Catalog 8.0-20230221	3

References

https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs