Talend Jobserver
Monthly
Unauthenticated remote code execution via JMX monitoring port affects Talend JobServer and Talend Runtime (CVSS 9.8). Attackers can exploit the exposed JMX interface without authentication to execute arbitrary code with JobServer privileges. Vendor-released patches available (Talend ESB Runtime R2024-07-RT). No confirmed active exploitation (CISA KEV status: NO), but the trivial attack complexity (AC:L) and network accessibility (AV:N) present significant risk for exposed instances. EPSS data not provided.
Unauthenticated remote code execution via JMX monitoring port affects Talend JobServer and Talend Runtime (CVSS 9.8). Attackers can exploit the exposed JMX interface without authentication to execute arbitrary code with JobServer privileges. Vendor-released patches available (Talend ESB Runtime R2024-07-RT). No confirmed active exploitation (CISA KEV status: NO), but the trivial attack complexity (AC:L) and network accessibility (AV:N) present significant risk for exposed instances. EPSS data not provided.