PT-2023-14712 · Talend · Talend ESB Runtime, Talend Remote Engine Gen 2

Published: 2023-02-03 · Updated: 2025-03-26 · CVE-2022-45588

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
- Talend Remote Engine Gen 2 versions prior to R2022-09
- Talend ESB Runtime versions prior to 7.3.1-R2022-09-RT
- Talend ESB Runtime versions prior to 8.0.1-R2022-10-RT

Description
The issue covers two weaknesses: XML External Entity (XXE) injection and SQL injection. The XXE vulnerability can only be exploited by a user who already holds the rights to edit pipelines on the Talend platform; it cannot be triggered remotely or through other user input. The SQL injection is limited to the provisioning service.

Recommendations
- For Talend Remote Engine Gen 2 versions prior to R2022-09, download the R2022-09 release or later and use it in place of the previous version.
- For Talend ESB Runtime versions prior to 7.3.1-R2022-09-RT, upgrade to 7.3.1-R2022-09-RT or a later release.
- For Talend ESB Runtime versions prior to 8.0.1-R2022-10-RT, upgrade to 8.0.1-R2022-10-RT or a later release.

Fix: XXE


Weakness Enumeration

Related Identifiers: CVE-2022-45588

Affected Products: Talend ESB Runtime, Talend Remote Engine Gen 2