CVE-2022-45589
https://notcve.org/view.php?id=CVE-2022-45589
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. • http://talend.com https://www.talend.com/security/incident-response/#CVE-2022-45588 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVE-2022-45588
https://notcve.org/view.php?id=CVE-2022-45588
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input. • http://talend.com https://www.talend.com/security/incident-response/#CVE-2022-45588 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-30332
https://notcve.org/view.php?id=CVE-2022-30332
In Talend Administration Center 7.3.1.20200219 before TAC-15950, the Forgot Password feature provides different error messages for invalid reset attempts depending on whether the email address is associated with any account. This allows remote attackers to enumerate accounts via a series of requests. • https://cwe.mitre.org/data/definitions/204.html https://excellium-services.com/cert-xlm-advisory/CVE-2022-30332 https://help.talend.com/r/62tbPt7y~tPTxAB7y7KpeQ/H45WqEF32geNEZiGJnRwmw • CWE-203: Observable Discrepancy •
CVE-2021-4311 – Talend Open Studio for MDM XML xml external entity reference
https://notcve.org/view.php?id=CVE-2021-4311
A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to an XML external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. • https://github.com/Talend/tmdm-server-se/commit/31d442b9fb1d518128fd18f6e4d54e06c3d67793 https://github.com/Talend/tmdm-server-se/pull/1420 https://vuldb.com/?ctiid.217666 https://vuldb.com/?id.217666 • CWE-611: Improper Restriction of XML External Entity Reference •
CVE-2022-4818 – Talend Open Studio for MDM SystemStorageWrapper.java xml external entity reference
https://notcve.org/view.php?id=CVE-2022-4818
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to an XML external entity reference. Upgrading to version 20221220_1938 addresses this issue. • https://github.com/Talend/tmdm-server-se/commit/95590db2ad6a582c371273ceab1a73ad6ed47853 https://github.com/Talend/tmdm-server-se/pull/1598 https://github.com/Talend/tmdm-server-se/releases/tag/snap%2Fmaster%2F20221220_1938 https://vuldb.com/?ctiid.216997 https://vuldb.com/?id.216997 • CWE-611: Improper Restriction of XML External Entity Reference •