Vulnerabilities > Talend
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2023-02-06 | CVE-2022-45589 | SQL Injection vulnerability in Talend ESB Runtime 5.1/7.1.1R202109 | All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. | 9.8 |
| 2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2 | All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 9.8 |
| 2023-01-10 | CVE-2022-30332 | Weak Password Recovery Mechanism for Forgotten Password vulnerability in Talend Administration Center 7.3.1 | In Talend Administration Center 22.214.171.12400219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. | 5.3 |
| 2023-01-09 | CVE-2021-4311 | XXE vulnerability in Talend Open Studio | A vulnerability classified as problematic was found in Talend Open Studio for MDM. | 9.8 |
| 2022-12-28 | CVE-2022-4818 | XXE vulnerability in Talend Open Studio for MDM | A vulnerability was found in Talend Open Studio for MDM. | 4.3 |
| 2022-05-26 | CVE-2022-31648 | Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 | Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. | 4.3 |
| 2022-05-04 | CVE-2022-29942 | Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 | Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. | 4.0 |
| 2022-05-04 | CVE-2022-29943 | XXE vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 | Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. | 6.8 |
| 2021-11-05 | CVE-2021-42837 | Improper Authentication vulnerability in Talend Data Catalog | An issue was discovered in Talend Data Catalog before 7.3-20210930. | 7.5 |
| 2021-09-22 | CVE-2021-40684 | Unspecified vulnerability in Talend ESB Runtime 5.1 | Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. | 6.4 |