CRITICAL🇵🇱 Wersja polska

CVE-2021-40684

CVSS 9.1v3.1pub. 2021-09-22upd. 2024-11-21

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
  • Talend Esb Runtime

    APP
    Talend
    5.1 – 7.1.1-r2021-09 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Container
CWE
References

Related vulnerabilities

CVE-2022-45589HIGH7.2ten sam produkt

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerab...

CVE-2021-42837CRITICAL9.8ten sam vendor

An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authenticatio...

CVE-2014-2228CRITICAL9.8ten sam vendor

The XStream extension in HP Fortify SCA before 2.2 RC3 allows remote attackers to execute arbitrary code via u...

CVE-2023-36301HIGH7.5ten sam vendor

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.

CVE-2023-33247HIGH7.5ten sam vendor

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an u...