CVE-2021-40684

Published: Sep 22, 2021Modified: Nov 21, 2024

9.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Exploitability: 3.9 / Impact: 5.2

Source: NVD

Description

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.

Affected (1)

Products: Talend: Esb Runtime

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Talend Esb Runtime	From 5.1 to 7.1.1-r2021-09

References (4)

https://help.talend.com/r/en-US/7.3/release-notes-esb-products

Source: cve@mitre.org

Release NotesVendor Advisory

https://jira.talendforge.org/browse/SF-141

Source: cve@mitre.org

PatchVendor Advisory

https://help.talend.com/r/en-US/7.3/release-notes-esb-products

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://jira.talendforge.org/browse/SF-141

Source: af854a3a-2127-422b-91ae-364da2661108

PatchVendor Advisory

Timeline

No history available yet.