Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09 has an unauthenticated Jolokia HTTP endpoint that allows remote access to the JMX of the runtime container. An attacker could use this access to read or modify the container or software running in the container.
References
| Link | Resource |
|---|---|
| https://help.talend.com/r/en-US/7.3/release-notes-esb-products | Release Notes, Vendor Advisory |
| https://jira.talendforge.org/browse/SF-141 | Patch, Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2021-09-22T16:35:35
Updated: 2021-09-22T16:35:35
Reserved: 2021-09-07T00:00:00
Link: CVE-2021-40684
NVD Information
Status: Analyzed
Published: 2021-09-22T17:15:12.313
Modified: 2022-07-12T17:42:04.277
Link: CVE-2021-40684
Redhat Information
No data.
CWE