CVE-2023-26264
Talend Data Catalog (all versions before 8.0-20220907) is reported vulnerable to XML External Entity (XXE) attacks. The issue is in the license parsing code; for CVE-2023-26263 the XXE can be triggered via the /MIMBWebServices/license endpoint in remote harvesting flows, with CVSSv3.1 metrics ind...
CVE-2023-26263
Talend Data Catalog (Talend) is affected by an XML External Entity (XXE) vulnerability tracked as CVE-2023-26263. The issue exists in the license endpoint of the remote harvesting server (at /MIMBWebServices/license) and affects all versions prior to 8.0-20230110. The CVSS base metrics indicate a...
CVE-2021-42837
Talend Data Catalog prior to 7.3-20210930 contains an authentication bypass on the native login page after configuring SAML/OAuth. The issue allows any valid user from the SAML/OAuth provider to be used as a username with an arbitrary password, enabling login and access. This is caused by imprope...
CVE-2023-33247
Talend Data Catalog before version 8.0-20230413 is affected by a vulnerability on the remote harvesting server’s /upgrade endpoint that permits unauthenticated deployment of a WAR file. The underlying issue is the ability to push arbitrary WARs to the server without authentication, enabling potentia...
CVE-2023-36301
Talend Data Catalog prior to 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet (CVE-2023-36301). The NVD entry lists a CVSS v3.1 base score of 7.5 (HIGH) with a Network attack vector, no user interaction, no privileges required, and high confidentiality impact. Affecte...