Vulnerability Details : CVE-2021-40684
Talend ESB Runtime, in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09 and 7.1.1-R2021-09, deploys an unauthenticated Jolokia HTTP endpoint. Jolokia bridges HTTP to JMX, so the endpoint gives any remote, unauthenticated client access to the JMX of the runtime container, which lets an attacker read or modify the container or the software running in it.
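A practitioner's first question is whether a given runtime still answers Jolokia requests without credentials. The Python below is an added example, not Talend's code and not taken from the advisory: it classifies the reply to an unauthenticated GET of Jolokia's read-only `/version` operation and can be pointed at a host. The port 8040, the `/jolokia` mount path and the shape of the sample replies are assumptions based on Jolokia's OSGi agent as shipped on Apache Karaf; adjust them for your deployment. Only a read is issued, so the check itself modifies nothing.

```python
"""Probe for an unauthenticated Jolokia endpoint on a Talend ESB Runtime /
Apache Karaf host (added example for CVE-2021-40684; not Talend's code)."""
import json
import sys
import urllib.error
import urllib.request

# Assumptions, not taken from the advisory: the Karaf HTTP service listens on
# 8040 and the Jolokia OSGi agent is mounted at /jolokia. Adjust for your site.
DEFAULT_PORT = 8040
VERSION_PATH = "/jolokia/version"


def classify(http_status, body):
    """Classify one reply to an unauthenticated GET of /jolokia/version.

    Returns 'exposed' when Jolokia answered with a real agent response,
    'auth-required' when the server demanded credentials, 'jolokia-error'
    when the agent is reachable but the call itself failed, otherwise
    'not-jolokia'. Only a read operation is used; nothing is modified.
    """
    if http_status in (401, 403):
        return "auth-required"
    if http_status != 200:
        return "not-jolokia"
    try:
        data = json.loads(body)
    except ValueError:
        return "not-jolokia"
    if not isinstance(data, dict):
        return "not-jolokia"
    # Jolokia reports agent-level errors as JSON with a non-200 "status"
    # field, frequently under HTTP 200, so the body's status must be checked.
    value = data.get("value")
    if data.get("status") == 200 and isinstance(value, dict) and "agent" in value:
        return "exposed"
    if "error_type" in data and "status" in data:
        return "jolokia-error"
    return "not-jolokia"


def probe(host, port=DEFAULT_PORT, scheme="http", timeout=5.0):
    """Send the GET without credentials and classify the reply (network only)."""
    url = f"{scheme}://{host}:{port}{VERSION_PATH}"
    req = urllib.request.Request(url, headers={"Accept": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return classify(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample replies (not captured from a real Talend host), shaped
# like Jolokia's /version answer, a 401 from an authenticated deployment, a
# Jolokia error wrapped in HTTP 200, and an unrelated page on the same port.
SAMPLES = {
    "open-jolokia": (200, '{"request":{"type":"version"},'
                          '"value":{"agent":"1.6.2","protocol":"7.2"},'
                          '"timestamp":1630000000,"status":200}'),
    "auth-enabled": (401, "Unauthorized"),
    "agent-error":  (200, '{"error_type":"java.lang.Exception",'
                          '"error":"boom","status":500}'),
    "other-app":    (200, "<html><body>Welcome</body></html>"),
}


def classify_samples():
    """Run the classifier over the constructed samples."""
    return {name: classify(status, body) for name, (status, body) in SAMPLES.items()}


if __name__ == "__main__":
    if len(sys.argv) > 1:
        port = int(sys.argv[2]) if len(sys.argv) > 2 else DEFAULT_PORT
        print(probe(sys.argv[1], port))
    else:
        print(classify_samples())
```

Run it with no arguments to see the classifier over the constructed samples, or `python probe.py <host> [port]` against a test system you are authorised to scan. An `exposed` result proves only unauthenticated read access to the agent; the read-or-modify impact described above follows from JMX itself and does not need to be demonstrated by the check. A `jolokia-error` result still means the agent answered without asking for credentials and deserves a manual look.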
Products affected by CVE-2021-40684
- cpe:2.3:a:talend:esb_runtime:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-40684
- EPSS score: 0.18% (probability of exploitation activity in the next 30 days)
- Percentile: ~55% (the proportion of vulnerabilities scored at or below this one)
CVSS scores for CVE-2021-40684
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen
---|---|---|---|---|---|---
6.4 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:P/A:N | 10.0 | 4.9 | NIST |
9.1 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N | 3.9 | 5.2 | NIST |
References for CVE-2021-40684
- https://jira.talendforge.org/browse/SF-141 : "[SF-141] [CVE-2021-40684] - Talend ESB Runtime deploys unauthenticated Jolokia by default" (Talend Open Integration Solution Jira; Patch, Vendor Advisory)
- https://help.talend.com/r/en-US/7.3/release-notes-esb-products : "Monthly releases", Talend ESB products Release Notes (Release Notes, Vendor Advisory)