Vulnerabilities > Talend > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-13 | CVE-2023-26263 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. | 5.5 |
| 2023-04-13 | CVE-2023-26264 | XXE vulnerability in Talend Data Catalog 7.320210930 All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. | 5.5 |
| 2023-01-10 | CVE-2022-30332 | Information Exposure Through Discrepancy vulnerability in Talend Administration Center 7.3.1 In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. | 5.3 |
| 2022-12-28 | CVE-2022-4818 | XXE vulnerability in Talend Open Studio for MDM A vulnerability was found in Talend Open Studio for MDM. | 4.3 |
| 2022-05-26 | CVE-2022-31648 | Cross-site Scripting vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. | 4.3 |
| 2022-05-04 | CVE-2022-29942 | Server-Side Request Forgery (SSRF) vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. | 4.0 |
| 2022-05-04 | CVE-2022-29943 | XXE vulnerability in Talend Administration Center 7.2.0/7.3.0/8.0.0 Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. | 6.8 |
| 2021-09-22 | CVE-2021-40684 | Unspecified vulnerability in Talend ESB Runtime 5.1 Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. | 6.4 |
| 2019-12-18 | CVE-2012-2656 | XXE vulnerability in Talend Restlet 1.1.10 An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information. | 5.0 |