Strix
26.1K

CVE-2022-45588

HIGHCVSS 7.8/10EPSS 0.19%

Last modified

CVE-2022-45588 is a high-severity vulnerability rated 7.8/10 on the CVSS scale. All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. EPSS estimates a 0.19% chance of exploitation in the next 30 days.

Description

All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.

Metrics

CVSS 3.1
7.8/10

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

EPSS Probability
0.19%

8.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersions
TalendRemote Engine Gen 2< r2022-09

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2022-45588?
All versions before R2022-09 of Talend's Remote Engine Gen 2 are potentially vulnerable to XML External Entity (XXE) type of attacks. Users should download the R2022-09 release or later and use it in place of the previous version. Talend Remote Engine Gen 1 and Talend Cloud Engine for Design are not impacted. This XXE vulnerability could only be exploited by someone with the appropriate rights to edit pipelines on the Talend platform. It could not be triggered remotely or by other user input.
How severe is CVE-2022-45588?
CVE-2022-45588 has a CVSS score of 7.8/10 (HIGH severity). The EPSS model estimates a 0.19% probability of exploitation in the next 30 days.
How do I fix CVE-2022-45588?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2022-45588?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST