Unauthenticated Access Vulnerability in Talend Studio Microservices
CVE-2023-31444

7.5HIGH

Key Information:

Vendor: Talend
Status: Studio
Vendor: CVE Published:; 28 April 2023

What is CVE-2023-31444?

An unauthenticated access vulnerability exists in Talend Studio microservices, allowing attackers to access the Jolokia endpoint without authentication. This flaw could lead to unauthorized remote access to the Java Virtual Machine (JVM) through the Jolokia JMX-HTTP bridge, exposing sensitive data and potentially enabling further exploitation of the application.

References

https://talend.com

https://www.talend.com/security/incident-response/#CVE-20...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 28, 2023
Vulnerability Reserved
Apr 28, 2023

CVE-2023-31444 Data

JSON