CVSS: 6.1EPSS: 0%CPEs: 3EXPL: 0CVE-2022-31648
https://notcve.org/view.php?id=CVE-2022-31648
Talend Administration Center is vulnerable to a reflected Cross-Site Scripting (XSS) issue in the SSO login endpoint. The issue is fixed for versions 8.0.x in TPS-5233, for versions 7.3.x in TPS-5324, and for versions 7.2.x in TPS-5235. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. Talend Administration Center es vulnerable a un problema de tipo Cross-Site Scripting (XSS) reflejado en el endponit de inicio de sesión de SSO. El problema ha sido corregido para las versiones 8.0.x en TPS-5233, para versiones 7.3.x en TPS-5324 y para versiones 7.2.x en TPS-5235. • https://talend.com https://www.talend.com/security/incident-response/#CVE-2022-31648 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29943
https://notcve.org/view.php?id=CVE-2022-29943
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. Talend Administration Center, presenta una vulnerabilidad que permite a un usuario autenticado usar el procesamiento de tipo XML External Entity (XXE) para conseguir acceso de lectura como root en el sistema de archivos remoto. El problema ha sido corregido para las versiones 8.0.x en TPS-5189, las versiones 7.3.x en TPS-5175 y las versiones 7.2.x en TPS-5201. • https://Talend.com https://www.talend.com/security/incident-response/#CVE-2022-29942 • CWE-611: Improper Restriction of XML External Entity Reference •
CVSS: 6.5EPSS: 0%CPEs: 3EXPL: 0CVE-2022-29942
https://notcve.org/view.php?id=CVE-2022-29942
Talend Administration Center has a vulnerability that allows an authenticated user to use the Service Registry 'Add' functionality to perform SSRF HTTP GET requests on URLs in the internal network. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version. Talend Administration Center presenta una vulnerabilidad que permite a un usuario autenticado usar la funcionalidad Add" del Registro de Servicios para llevar a cabo peticiones GET HTTP de tipo SSRF en URLs de la red interna. El problema ha sido corregido para las versiones 8.0.x en TPS-5189, las versiones 7.3.x en TPS-5175 y las versiones 7.2.x en TPS-5201. • https://Talend.com https://www.talend.com/security/incident-response/#CVE-2022-29942 • CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-42837
https://notcve.org/view.php?id=CVE-2021-42837
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed. Se ha detectado un problema en Talend Data Catalog versiones anteriores a 7.3-20210930. Después de configurar SAML/OAuth, la autenticación no se aplica correctamente en la página de inicio de sesión nativa. • https://jira.talendforge.org/browse/TAPACHE-180 https://www.talend.com/resources • CWE-287: Improper Authentication •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-40684
https://notcve.org/view.php?id=CVE-2021-40684
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container. Talend ESB Runtime en todas las versiones desde 5.1 hasta 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, presenta un endpoint HTTP Jolokia no autenticado que permite el acceso remoto al JMX del contenedor de tiempo de ejecución, que permitiría a un atacante la capacidad de leer o modificar el contenedor o el software ejecutándose en el contenedor • https://help.talend.com/r/en-US/7.3/release-notes-esb-products https://jira.talendforge.org/browse/SF-141 •