CVE-2021-40684
Critical
Published: 22 September 2021
Modified
21 November 2024
KEV Added
—
Patch
—
CVSS Score v3.1
9.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
0.0062
70.4th percentile
Risk Priority
19
60% EPSS · 20% KEV · 20% CVSS
Summary
CVE-2021-40684 is a critical-severity vulnerability, with no specific weakness type assigned, in Talend ESB Runtime. Its CVSS base score is 9.1 (Critical).
Operationally, it ranks in the top 29.6% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-27856
Vulnerability details
Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.
- CWE(s)
Related Threats
Threat-Actor Attribution (AI)
Lazarus Group (G0032)
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
Andariel (G0138)
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
Storm-0530
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
Maui ransomware
North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs | CISA
Affected Assets
talend
esb runtime
5.1 — 7.1.1-r2021-09
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.