Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NTalend Esb Runtime
APPTalend5.1 – 7.1.1-r2021-09 (bez)
Related vulnerabilities
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerab...
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authenticatio...
The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via u...
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an u...