Vulnerabilities > Talend > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-06-26 | CVE-2023-36301 | Path Traversal vulnerability in Talend Data Catalog 7.320210930 Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. | 7.5 |
| 2023-05-26 | CVE-2023-33247 | Unspecified vulnerability in Talend Data Catalog 7.320210930/8.020230221 Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. | 7.5 |
| 2023-04-28 | CVE-2023-31444 | Unspecified vulnerability in Talend Studio 8.0.0 In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. | 7.5 |
| 2023-02-06 | CVE-2022-45589 | SQL Injection vulnerability in Talend ESB Runtime 5.1/7.1.1R202109/8.0 All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. | 7.2 |
| 2023-02-03 | CVE-2022-45588 | XXE vulnerability in Talend Remote Engine GEN 2 All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. | 7.8 |
| 2019-12-18 | CVE-2012-2656 | XXE vulnerability in Talend Restlet 1.1.10 An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | 7.5 |