CVE-2022-45589

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.

*Credits: N/A

CVSS Scores

NISTv3.1 7.2

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-11-21 CVE Reserved
2023-02-06 CVE Published
2024-08-03 CVE Updated
2024-08-29 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

CAPEC

References (2)

URL	Tag	Source
http://talend.com	Product

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC
https://www.talend.com/security/incident-response/#CVE-2022-45588	2023-04-03

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Talend Search vendor "Talend"		Esb Runtime Search vendor "Talend" for product "Esb Runtime"				< 7.3.1-r2022-09-rt Search vendor "Talend" for product "Esb Runtime" and version " < 7.3.1-r2022-09-rt"		-		Affected
Talend Search vendor "Talend"		Esb Runtime Search vendor "Talend" for product "Esb Runtime"				>= 8.0 < 8.0.1-r2022-10-rt Search vendor "Talend" for product "Esb Runtime" and version " >= 8.0 < 8.0.1-r2022-10-rt"		-		Affected