All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.
References
Link | Resource |
---|---|
http://talend.com | Product |
https://www.talend.com/security/incident-response/#CVE-2022-45588 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
03 Apr 2023, 18:54
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.2 |
16 Mar 2023, 03:15
Type | Values Removed | Values Added |
---|---|---|
Summary | All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version. |
14 Feb 2023, 19:03
Type | Values Removed | Values Added |
---|---|---|
First Time |
Talend esb Runtime
Talend |
|
CWE | CWE-89 | |
CPE | cpe:2.3:a:talend:esb_runtime:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 9.8 |
References | (MISC) http://talend.com - Product | |
References | (MISC) https://www.talend.com/security/incident-response/#CVE-2022-45588 - Vendor Advisory |
06 Feb 2023, 21:39
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-02-06 21:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-45589
Mitre link : CVE-2022-45589
CVE.ORG link : CVE-2022-45589
JSON object : View
Products Affected
talend
- esb_runtime
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')