GCVE - cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:talend:data_catalog:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Talend (`9b22321a-eaa7-58f8-bb74-69e38b4bec6f`)
Product	Data Catalog (`f90e8b1a-fcb5-5023-ae48-c94817ba4dc3`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2023-36301`	vulnerable	2026-06-08 06:06:28.696015	Details available Talend Data Catalog before 8.0-20230221 contain a directory traversal vulnerability in HeaderImageServlet. Published: 2023-06-26T00:00:00.000Z Updated: 2024-12-03T15:37:46.528Z Open on db.gcve.eu Reference links https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-33247`	vulnerable	2026-06-08 06:06:22.122442	Details available Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.) Published: 2023-05-26T00:00:00.000Z Updated: 2025-01-16T16:05:51.746Z Open on db.gcve.eu Reference links https://help.talend.com/r/en-US/Talend-Products-CVEs/Talend-Products-CVEs	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26264`	vulnerable	2026-06-08 05:57:38.990885	Details available All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code. Published: 2023-04-13T00:00:00.000Z Updated: 2025-02-07T15:57:16.380Z Open on db.gcve.eu Reference links https://talend.com https://www.talend.com/security/incident-response/#CVE-2023-26264	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2023-26263`	vulnerable	2026-06-08 05:57:38.990461	Details available All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server. Published: 2023-04-13T00:00:00.000Z Updated: 2025-02-07T16:28:48.876Z Open on db.gcve.eu Reference links https://talend.com https://www.talend.com/security/incident-response/#CVE-2023-26264	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2021-42837`	vulnerable	2026-06-08 05:35:22.966646	Details available An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed. Published: 2021-11-05T17:20:39.000Z Updated: 2024-08-04T03:38:50.217Z Open on db.gcve.eu Reference links https://www.talend.com/resources/ https://jira.talendforge.org/browse/TAPACHE-180	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.