Talend Data Catalog
By the Year
In 2026 there have been 0 vulnerabilities in Talend Data Catalog. Data Catalog did not have any published security vulnerabilities last year.
| Year | Vulnerabilities | Average Score |
|---|---|---|
| 2026 | 0 | 0.00 |
| 2025 | 0 | 0.00 |
| 2024 | 0 | 0.00 |
| 2023 | 4 | 6.50 |
| 2022 | 0 | 0.00 |
| 2021 | 1 | 9.80 |
It may take a day or so for new Data Catalog vulnerabilities to show up in the stats or in the list of recent security vulnerabilities. Additionally, vulnerabilities may be tagged under a different product or component name.
Recent Talend Data Catalog Security Vulnerabilities
Talend Data Catalog <8.0 Dir Traversal via HeaderImageServlet CVE-2023-36301
CVE-2023-36301
7.5 - High
- June 26, 2023
Talend Data Catalog before 8.0-20230221 contains a directory traversal vulnerability in HeaderImageServlet.
Directory traversal
Talend Data Catalog <8.0-20230413: Unauth WAR via /upgrade (CVE-2023-33247)
CVE-2023-33247
7.5 - High
- May 26, 2023
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
Talend Data Catalog 8.0-20220907 XXE Vulnerability in License Parser
CVE-2023-26264
5.5 - Medium
- April 13, 2023
All versions of Talend Data Catalog before 8.0-20220907 are potentially vulnerable to XML External Entity (XXE) attacks in the license parsing code.
XXE
Talend Data Catalog XXE at /MIMBWebServices/license (<=8.0-20230110)
CVE-2023-26263
5.5 - Medium
- April 13, 2023
All versions of Talend Data Catalog before 8.0-20230110 are potentially vulnerable to XML External Entity (XXE) attacks in the /MIMBWebServices/license endpoint of the remote harvesting server.
XXE
An issue was discovered in Talend Data Catalog before 7.3-20210930
CVE-2021-42837
9.8 - Critical
- November 05, 2021
An issue was discovered in Talend Data Catalog before 7.3-20210930. After setting up SAML/OAuth, authentication is not correctly enforced on the native login page. Any valid user from the SAML/OAuth provider can be used as the username with an arbitrary password, and login will succeed.
authentication