Skip to main content

Data Catalog

5 CVEs product

Monthly

CVE-2023-36301 HIGH This Week

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.9%
CVE-2023-33247 HIGH This Week

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
7.5
EPSS
0.5%
CVE-2023-26264 MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2023-26263 MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
CVSS 3.1
5.5
EPSS
0.2%
CVE-2021-42837 CRITICAL Act Now

An issue was discovered in Talend Data Catalog before 7.3-20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
CVSS 3.1
9.8
EPSS
1.2%
EPSS 1% CVSS 7.5
HIGH This Week

Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal Data Catalog
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XXE Data Catalog
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

An issue was discovered in Talend Data Catalog before 7.3-20210930. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Data Catalog
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy