Vulnerabilities > Talend

DATE CVE VULNERABILITY TITLE RISK
2022-05-26 CVE-2022-31648 Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint.
network
low complexity
talend CWE-79
6.1
2022-05-04 CVE-2022-29942 Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network.
network
low complexity
talend CWE-918
6.5
2022-05-04 CVE-2022-29943 XXE vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem.
network
low complexity
talend CWE-611
6.5
2021-11-05 CVE-2021-42837 Improper Authentication vulnerability in Talend Data Catalog
An issue was discovered in Talend Data Catalog before 7.3-20210930.
network
low complexity
talend CWE-287
critical
9.8
2021-09-22 CVE-2021-40684 Unspecified vulnerability in Talend ESB Runtime 5.1
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
network
low complexity
talend
critical
9.1
2020-02-19 CVE-2014-2228 XML Entity Expansion vulnerability in Talend Restlet 1.1.10/2.1.7/2.2
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via unsafe deserialization of XML messages.
network
low complexity
talend CWE-776
critical
9.8
2019-12-18 CVE-2012-2656 XXE vulnerability in Talend Restlet 1.1.10
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
network
low complexity
talend CWE-611
7.5