CVE-2022-45589 - Vulnerability Details - OpenCVE

ReportizFlow

All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Talend	Esb Runtime

Configuration 1 [-]

OR	cpe:2.3:a:talend:esb_runtime::::::::
	cpe:2.3:a:talend:esb_runtime::::::::

No data.

References

Link	Providers
http://talend.com
https://www.talend.com/security/incident-response/#CVE-2022-45588

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-02-06T00:00:00

Updated: 2024-08-03T14:17:03.885Z

Reserved: 2022-11-21T00:00:00

Link: CVE-2022-45589

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-06T21:15:09.530

Modified: 2024-11-21T07:29:28.097

Link: CVE-2022-45589

Redhat

No data.

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:talend:esb_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "9065DA19-BC43-48B3-87E5-E5C074F4A29B", "versionEndExcluding": "7.3.1-r2022-09-rt", "vulnerable": true}, {"criteria": "cpe:2.3:a:talend:esb_runtime:*:*:*:*:*:*:*:*", "matchCriteriaId": "D99A0D68-6FF1-4299-9D06-2493636BC65F", "versionEndExcluding": "8.0.1-r2022-10-rt", "versionStartIncluding": "8.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "All versions before 8.0.1-R2022-10-RT and 7.3.1-R2022-09-RT of the Talend ESB Runtime are potentially vulnerable to SQL Injection attacks in the provisioning service only. Users of the provisioning service should upgrade to either 8.0.1-R2022-10-RT or 7.3.1-R2022-09-RT or a later release and use it in place of the previous version."}, {"lang": "es", "value": "Todas las versiones anteriores a 8.0.1-R2022-10-RT y 7.3.1-R2022-09-RT de Talend ESB Runtime son potencialmente vulnerables a ataques de inyecci\u00f3n SQL \u00fanicamente en el servicio de aprovisionamiento. Los usuarios del servicio de aprovisionamiento deben actualizar a 8.0.1-R2022-10-RT o 7.3.1-R2022-09-RT o una versi\u00f3n posterior y utilizarla en lugar de la versi\u00f3n anterior."}], "id": "CVE-2022-45589", "lastModified": "2024-11-21T07:29:28.097", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-02-06T21:15:09.530", "references": [{"source": "[email protected]", "tags": ["Product"], "url": "http://talend.com"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "https://www.talend.com/security/incident-response/#CVE-2022-45588"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Product"], "url": "http://talend.com"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.talend.com/security/incident-response/#CVE-2022-45588"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}