CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-2022-45589
https://notcve.org/view.php?id=CVE-2022-45589
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. • http://talend.com https://www.talend.com/security/incident-response/#CVE-2022-45588 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40684
https://notcve.org/view.php?id=CVE-2021-40684
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. Talend ESB Runtime en todas las versiones desde 5.1 hasta 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, presenta un endpoint HTTP Jolokia no autenticado que permite el acceso remoto al JMX del contenedor de tiempo de ejecución, que permitiría a un atacante la capacidad de leer o modificar el contenedor o el software ejecutándose en el contenedor • https://help.talend.com/r/en-US/7.3/release-notes-esb-products https://jira.talendforge.org/browse/SF-141 •