
CVE-2021-40684

Critical

Published: 22 September 2021
Modified: 21 November 2024
KEV Added: not listed (this CVE is not in the CISA KEV catalog)
Patch: not specified
CVSS Score (v3.1): 9.1, vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score: 0.0062 (70.4th percentile)
Risk Priority: 19 (weighting: 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2021-40684 is a critical-severity vulnerability in Talend ESB Runtime whose weakness type is unspecified (no CWE has been mapped). Its CVSS v3.1 base score is 9.1 (Critical).

Operationally, its EPSS score ranks it in the top 29.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, and 7.1.1-R2021-09 has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker to read or modify the container or software running in the container.

CWE(s)

Related Threats

Threat-Actor Attribution (AI)

Source for all attributions below: "North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime's Military and Nuclear Programs" | CISA

Andariel (G0138)
Storm-0530
Maui ransomware

Affected Assets

Vendor: Talend
Product: ESB Runtime
Versions: 5.1 to 7.1.1-R2021-09

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References