← Back

Data Catalog

data_catalog

Vendor: Talend • 5 CVEs

CVEs (5)

CVE
VENDORS
PRODUCTS
UPDATED
PUBLISHED
CVSS
CVE-2023-36301
1Talend
1Data Catalog
Nov 21, 2024
Jun 26, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet.
CVE-2023-33247
1Talend
1Data Catalog
Jan 16, 2025
May 26, 2023
N/A· v4
7.5 HIGH· v3
N/A· v2
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server shoul...Show more
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)Show less
CVE-2023-26264
1Talend
1Data Catalog
Feb 7, 2025
Apr 13, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
CVE-2023-26263
1Talend
1Data Catalog
Feb 7, 2025
Apr 13, 2023
N/A· v4
5.5 MEDIUM· v3
N/A· v2
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.
CVE-2021-42837
1Talend
1Data Catalog
Nov 21, 2024
Nov 5, 2021
N/A· v4
9.8 CRITICAL· v3
7.5 HIGH· v2
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used...Show more
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.Show less