Talend Esb Runtime vulnerabilities
2 known vulnerabilities affecting talend/esb_runtime.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
1
Severity breakdown
CRITICAL1HIGH1
Vulnerabilities
Page 1 of 1
CVE-2021-40684P1CRITICALCVSS 9.1Exploited≥ 5.1, < 7.1.1-r2021-092021-09-22
CVE-2021-40684 [CRITICAL] CVE-2021-40684: Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has a
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
nvd
CVE-2022-45589P3HIGHCVSS 7.2fixed in 7.3.1-r2022-09-rt≥ 8.0, < 8.0.1-r2022-10-rt2023-02-06
CVE-2022-45589 [HIGH] CWE-89 CVE-2022-45589: All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentiall
All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.
nvd