CVE-2021-40684

EUVD-2021-27856
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
Affected Products (NVD)
VendorProductVersion
talendesb_runtime
5.1 ≤
𝑥
< 7.1.1-r2021-09
𝑥
= Vulnerable software versions
References
https://help.talend.com/r/en-US/7.3/release-notes-esb-products
https://jira.talendforge.org/browse/SF-141
https://help.talend.com/r/en-US/7.3/release-notes-esb-products
https://jira.talendforge.org/browse/SF-141