Vulnerability Description
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Talend | Remote Engine Gen 2 | < r2022-09 |
Related Weaknesses (CWE)
References
- http://talend.comVendor Advisory
- https://www.talend.com/security/incident-response/#CVE-2022-45588Vendor Advisory
- http://talend.comVendor Advisory
- https://www.talend.com/security/incident-response/#CVE-2022-45588Vendor Advisory
FAQ
What is CVE-2022-45588?
CVE-2022-45588 is a vulnerability with a CVSS score of 7.8 (HIGH). All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in ...
How severe is CVE-2022-45588?
CVE-2022-45588 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-45588?
Check the references section above for vendor advisories and patch information. Affected products include: Talend Remote Engine Gen 2.