CVE-2022-29943
MEDIUMTalend Administration Center - Authenticated XML External Entity Injection
Title source: llmDescription
Talend Administration Center has a vulnerability that allows an authenticated user to use XML External Entity (XXE) processing to achieve read access as root on the remote filesystem. The issue is fixed for versions 8.0.x in TPS-5189, versions 7.3.x in TPS-5175, and versions 7.2.x in TPS-5201. Earlier versions of Talend Administration Center may also be impacted; users are encouraged to update to a supported version.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://Talend.com
Vendor Advisory x_refsource_misc
https://www.talend.com/security/incident-response/#CVE-2022-29942
Scores
CVSS v3
6.5
EPSS
0.0077
EPSS Percentile
50.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-611
Status
published
Products (3)
talend/administration_center
7.2.0
talend/administration_center
7.3.0
talend/administration_center
8.0.0
Published
May 04, 2022
Tracked Since
Feb 18, 2026