13 matches found
EUVD-2023-30087
Malicious code in bioql PyPI...
EUVD-2023-37415
Malicious code in bioql PyPI...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
CVE-2023-26263
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
Code injection
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
PT-2023-24242 · Talend · Talend Data Catalog
Name of the Vulnerable Software and Affected Versions: Talend Data Catalog versions prior to 8.0-20230413 Description: The issue concerns the remote harvesting server, which contains a "/upgrade" endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation measure i...
CVE-2023-33247
Talend Data Catalog before version 8.0-20230413 is affected by a vulnerability on the remote harvesting server’s /upgrade endpoint that permits deploying an unauthenticated WAR file. The underlying issue is the ability to push arbitrary WARs to the server without authentication, enabling potentia...
CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog serv...
Xxe
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...
CVE-2023-26263
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity XXE attacks in the /MIMBWebServices/license endpoint of the remote harvesting server...