CVE-2022-4818
Talend Open Studio for MDM SystemStorageWrapper.java XML external entity reference
Public Exploits: 0
Exploited in Wild: -
Descriptions
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to an XML external entity (XXE) reference. Upgrading to version 20221220_1938 addresses this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability.
A vulnerability was found in Talend Open Studio for MDM. It has been declared problematic. An unknown function of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java is affected by this vulnerability. The manipulation leads to an XML external entity reference. Upgrading to version 20221220_1938 can resolve this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. Upgrading the affected component is recommended. The identifier VDB-216997 was assigned to this vulnerability.
A problematic vulnerability was identified in Talend Open Studio for MDM. Affected is an unknown processing step of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. Manipulation with unknown data allows an XML external entity reference vulnerability to be exploited. Upgrading to version 20221220_1938 resolves this problem. The patch is identified as 95590db2ad6a582c371273ceab1a73ad6ed47853. Applying an upgrade is recommended as the best possible measure.
SSVC
- Decision: -
Timeline
- 2022-12-28 CVE Reserved
- 2022-12-28 CVE Published
- 2024-07-20 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-611: Improper Restriction of XML External Entity Reference
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/Talend/tmdm-server-se/pull/1598 | Issue Tracking | |
https://vuldb.com/?id.216997 | Third Party Advisory | |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Talend | Open Studio For Mdm | < 20221220_1938 | - | Affected |