Unauthenticated Remote Access Vulnerability in Talend ESB Runtime
CVE-2021-40684

9.1 CRITICAL

Key Information:

Vendor: Talend

CVE Published: 22 September 2021

What is CVE-2021-40684?

Talend ESB Runtime exposes an unauthenticated Jolokia HTTP endpoint in versions 5.1 through 7.3.1-R2021-09, as well as 7.2.1-R2021-09 and 7.1.1-R2021-09. Through this endpoint, remote attackers can reach the exposed JMX (Java Management Extensions) interface without authenticating. Such access provides the ability to read or modify the contents of the runtime container or the software it executes, potentially leading to unauthorized control or manipulation of critical systems.

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
