XML External Entity Vulnerability in Talend Remote Engine
CVE-2022-45588

7.8 HIGH

Key Information:

Vendor: Talend
CVE Published: 3 February 2023

What is CVE-2022-45588?

Talend's Remote Engine Gen 2 is susceptible to XML External Entity (XXE) attacks in all versions prior to R2022-09. This vulnerability could be exploited by users who have permission to edit pipelines, but it cannot be triggered remotely or through other forms of user input. To mitigate the risk, it is recommended that users upgrade to the R2022-09 release or later. Notably, Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are unaffected.

CVSS V3.1

Score: 7.8
Severity: HIGH
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
