Talend Open Studio MDM XXE via SystemStorageWrapper
CVE-2022-4818 Published on December 28, 2022
Talend Open Studio for MDM SystemStorageWrapper.java xml external entity reference
A vulnerability was found in Talend Open Studio for MDM. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file org.talend.mdm.core/src/com/amalto/core/storage/SystemStorageWrapper.java. The manipulation leads to xml external entity reference. Upgrading to version 20221220_1938 is able to address this issue. The name of the patch is 95590db2ad6a582c371273ceab1a73ad6ed47853. It is recommended to upgrade the affected component. The identifier VDB-216997 was assigned to this vulnerability.
Timeline
Countermeasure disclosed
Advisory disclosed 8 days later.
VulDB entry created
VulDB last update
Weakness Type
What is a XXE Vulnerability?
The software processes an XML document that can contain XML entities with URIs that resolve to documents outside of the intended sphere of control, causing the product to embed incorrect documents into its output.
CVE-2022-4818 has been classified to as a XXE vulnerability or weakness.
Products Associated with CVE-2022-4818
Want to know whenever a new CVE is published for Talend Open Studio For Mdm? stack.watch will email you.
Affected Versions
Talend Open Studio for MDM Version n/a is affected by CVE-2022-4818Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.