Vulnerabilities > Talend
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-36301 | Path Traversal vulnerability in Talend Data Catalog 7.320210930 Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. | 7.5 |
| 2023-05-26 | CVE-2023-33247 | Unspecified vulnerability in Talend Data Catalog 7.320210930 Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. | 7.5 |
| 2023-04-28 | CVE-2023-31444 | Unspecified vulnerability in Talend Studio In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. | 7.5 |
| 2023-04-13 | CVE-2023-26263 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | 5.5 |
| 2023-04-13 | CVE-2023-26264 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | 5.5 |
| 2023-02-06 | CVE-2022-45589 | SQL Injection vulnerability in Talend ESB Runtime 5.1/7.1.1R202109 All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. | 9.8 |
| 2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2 All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 9.8 |
| 2023-01-10 | CVE-2022-30332 | Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1 In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. | 5.3 |
| 2023-01-09 | CVE-2021-4311 | XXE vulnerability in Talend Open Studio A vulnerability classified as problematic was found in Talend Open Studio for MDM. | 9.8 |
| 2022-12-28 | CVE-2022-4818 | XXE vulnerability in Talend Open Studio for MDM A vulnerability was found in Talend Open Studio for MDM. | 4.3 |