Vulnerability Details : CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
Products affected by CVE-2023-33247
- cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2023-33247
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 24 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2023-33247
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
3.9
|
3.6
|
NIST |
References for CVE-2023-33247
-
https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs
Talend Products CVEs • Talend Products CVEs • Reader • Welcome to Talend Help CenterVendor Advisory
Jump to