CVE-2021-4311

A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability.

CVSS v3 9.8 CRITICAL
CVSS v2.0 4.9 MEDIUM

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

4.9^/10

CVSS v2.0 : MEDIUM

Vector : AV:A/AC:M/Au:S/C:P/I:P/A:P

Exploitability : 4.4 / Impact : 6.4

Access Vector ADJACENT_NETWORK

Access Complexity MEDIUM

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://github.com/Talend/tmdm-server-se/commit/31d442b9fb1d518128fd18f6e4d54e06c3d67793	Patch
https://github.com/Talend/tmdm-server-se/pull/1420	Patch
https://vuldb.com/?ctiid.217666	Third Party Advisory
https://vuldb.com/?id.217666	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:talend:open_studio:*:*:*:*:*:mdm:*:*

History

11 Apr 2024, 01:13

Type	Values Removed	Values Added
Summary		(es) Se ha encontrado una vulnerabilidad en Talend Open Studio for MDM y se ha clasificado como problemática. Esta vulnerabilidad afecta a código desconocido del componente XML Handler. La manipulación conduce a una referencia de entidad externa xml. El parche se identifica como 31d442b9fb1d518128fd18f6e4d54e06c3d67793. Se recomienda aplicar un parche para solucionar este problema. VDB-217666 es el identificador asignado a esta vulnerabilidad.

29 Feb 2024, 01:33

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-01-09 12:15

Updated : 2024-04-11 01:13

NVD link : CVE-2021-4311

Mitre link : CVE-2021-4311

CVE.ORG link : CVE-2021-4311

JSON object : View

Products Affected

talend

open_studio

CWE

CWE-611

Improper Restriction of XML External Entity Reference

{"id": "CVE-2021-4311", "metrics": {"cvssMetricV2": [{"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"version": "2.0", "baseScore": 4.9, "accessVector": "ADJACENT_NETWORK", "vectorString": "AV:A/AC:M/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 4.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "cna@vuldb.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 3.4, "exploitabilityScore": 2.1}]}, "published": "2023-01-09T12:15:15.587", "references": [{"url": "https://github.com/Talend/tmdm-server-se/commit/31d442b9fb1d518128fd18f6e4d54e06c3d67793", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://github.com/Talend/tmdm-server-se/pull/1420", "tags": ["Patch"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?ctiid.217666", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}, {"url": "https://vuldb.com/?id.217666", "tags": ["Third Party Advisory"], "source": "cna@vuldb.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-611"}]}, {"type": "Secondary", "source": "cna@vuldb.com", "description": [{"lang": "en", "value": "CWE-611"}]}], "descriptions": [{"lang": "en", "value": "A vulnerability classified as problematic was found in Talend Open Studio for MDM. This vulnerability affects unknown code of the component XML Handler. The manipulation leads to xml external entity reference. The patch is identified as 31d442b9fb1d518128fd18f6e4d54e06c3d67793. It is recommended to apply a patch to fix this issue. VDB-217666 is the identifier assigned to this vulnerability."}, {"lang": "es", "value": "Se ha encontrado una vulnerabilidad en Talend Open Studio for MDM y se ha clasificado como problem\u00e1tica. Esta vulnerabilidad afecta a c\u00f3digo desconocido del componente XML Handler. La manipulaci\u00f3n conduce a una referencia de entidad externa xml. El parche se identifica como 31d442b9fb1d518128fd18f6e4d54e06c3d67793. Se recomienda aplicar un parche para solucionar este problema. VDB-217666 es el identificador asignado a esta vulnerabilidad."}], "lastModified": "2024-04-11T01:13:42.470", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:talend:open_studio:*:*:*:*:*:mdm:*:*", "vulnerable": true, "matchCriteriaId": "E869AF41-DD54-4570-B1E4-5A402D460967", "versionEndExcluding": "20230102_1935"}], "operator": "OR"}]}], "sourceIdentifier": "cna@vuldb.com"}