XML External Entity Vulnerability in Talend Data Catalog
CVE-2023-26264

5.5 MEDIUM

Key Information:

Vendor: Talend

CVE Published: 13 April 2023

What is CVE-2023-26264?

All versions of Talend Data Catalog prior to 8.0-20220907 are susceptible to XML External Entity (XXE) attacks. The vulnerability arises from weaknesses in the license parsing process, which could allow an attacker to manipulate XML input to gain unauthorized access to sensitive data or perform unintended actions. Users of Talend Data Catalog should upgrade to a secure version to mitigate the risks associated with this vulnerability.

CVSS V3.1

Score: 5.5
Severity: MEDIUM
Confidentiality: High
Integrity: None
Availability: High
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
