Vulnerability Details CVE-2023-33247
Talend Data Catalog remote harvesting server before 8.0-20230413 contains a /upgrade endpoint that allows an unauthenticated WAR file to be deployed on the server. (A mitigation is that the remote harvesting server should be behind a firewall that only allows access to the Talend Data Catalog server.)
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 32.4%
CVSS Severity
CVSS v3 Score 7.5
References
Products affected by CVE-2023-33247
-
cpe:2.3:a:talend:data_catalog:-
-
cpe:2.3:a:talend:data_catalog:7.3-20210930
-
cpe:2.3:a:talend:data_catalog:8.0-20230221