Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
References
Link | Resource |
---|---|
https://jira.talendforge.org/browse/SF-141 | Patch Vendor Advisory |
https://help.talend.com/r/en-US/7.3/release-notes-esb-products | Release Notes Vendor Advisory |
Configurations
Information
Published : 2021-09-22 10:15
Updated : 2022-07-12 10:42
NVD link : CVE-2021-40684
Mitre link : CVE-2021-40684
JSON object : View
CWE
Products Affected
talend
- esb_runtime