Vulnerabilities > Talend

DATE CVE VULNERABILITY TITLE RISK
2023-06-26 CVE-2023-36301 Path Traversal vulnerability in Talend Data Catalog 7.320210930
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
Risk: network, low complexity, talend, CWE-22, 7.5

2023-05-26 CVE-2023-33247 Unspecified vulnerability in Talend Data Catalog 7.320210930
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server.
Risk: network, low complexity, talend, 7.5

2023-04-28 CVE-2023-31444 Unspecified vulnerability in Talend Studio
In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice.
Risk: network, low complexity, talend, 7.5

2023-04-13 CVE-2023-26263 XXE vulnerability in Talend Data Catalog 7.320210930
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.
Risk: local, low complexity, talend, CWE-611, 5.5

2023-04-13 CVE-2023-26264 XXE vulnerability in Talend Data Catalog 7.320210930
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
Risk: local, low complexity, talend, CWE-611, 5.5

2023-02-06 CVE-2022-45589 SQL Injection vulnerability in Talend ESB Runtime 5.1/7.1.1R202109
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only.
Risk: network, low complexity, talend, CWE-89, critical, 9.8

2023-02-03 CVE-2022-45588 XXE vulnerability in Talend Remote Engine GEN 2
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) attacks.
Risk: network, low complexity, talend, CWE-611, critical, 9.8

2023-01-10 CVE-2022-30332 Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account.
Risk: network, low complexity, talend, CWE-203, 5.3

2023-01-09 CVE-2021-4311 XXE vulnerability in Talend Open Studio
A vulnerability classified as problematic was found in Talend Open Studio for MDM.
Risk: network, low complexity, talend, CWE-611, critical, 9.8

2022-12-28 CVE-2022-4818 XXE vulnerability in Talend Open Studio for MDM
A vulnerability was found in Talend Open Studio for MDM.
Risk: network, low complexity, talend, CWE-611, 4.3