Lucene search
Talend Data Catalog

5 matches found

CVE
added 2023/04/13 12:0 a.m., 165 views

CVE-2023-26264

Talend Data Catalog (all versions before 8.0-20220907) is reported vulnerable to XML External Entity (XXE) attacks. The issue is in the license parsing code; for CVE-2023-26263 the XXE can be triggered via the /MIMBWebServices/license endpoint in remote harvesting flows, with CVSSv3.1 metrics ind...

CVSS 5.5, AI score 5.5, EPSS 0.00211

CVE
added 2023/04/13 12:0 a.m., 46 views

CVE-2023-26263

Talend Data Catalog (Talend) is affected by an XML External Entity (XXE) vulnerability tracked as CVE-2023-26263. The issue exists in the license endpoint of the remote harvesting server (at /MIMBWebServices/license) and affects all versions prior to 8.0-20230110. The CVSS base metrics indicate a...

CVSS 5.5, AI score 5.5, EPSS 0.00218
Web

CVE
added 2021/11/05 5:20 p.m., 45 views

CVE-2021-42837

Talend Data Catalog prior to 7.3-20210930 contains an authentication bypass on the native login page after configuring SAML/OAuth. The issue allows any valid user from the SAML/OAuth provider to be used as a username with an arbitrary password, enabling login and access. This is caused by imprope...

CVSS 9.8, AI score 9.5, EPSS 0.01157

CVE
added 2023/05/26 12:0 a.m., 45 views

CVE-2023-33247

Talend Data Catalog before version 8.0-20230413 is affected by a vulnerability on the remote harvesting server’s /upgrade endpoint that permits deploying an unauthenticated WAR file. The underlying issue is the ability to push arbitrary WARs to the server without authentication, enabling potentia...

CVSS 7.5, AI score 7.5, EPSS 0.0046

CVE
added 2023/06/26 12:0 a.m., 40 views

CVE-2023-36301

Talend Data Catalog prior to 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet (CVE-2023-36301). The NVD entry lists CVSS v3.1 base score 7.5 (HIGH) with Network attack vector, no user interaction, no privileges required, and with confidentiality impact high. Affecte...

CVSS 7.5, AI score 7.5, EPSS 0.00932