cvedb.io
CVE-2021-40684
CRITICAL · CVSS 9.1
EPSS exploitation probability: 0%
Published 2021-09-22T17:15:12.313 · Last modified 2026-06-17T04:07:15.337

Summary

Talend ESB Runtime in all versions from 5.1 to 7.3.1-R2021-09, 7.2.1-R2021-09, 7.1.1-R2021-09, has an unauthenticated Jolokia HTTP endpoint which allows remote access to the JMX of the runtime container, which would allow an attacker the ability to read or modify the container or software running in the container.

Affected products

talend — esb_runtime

Does this affect you?

Add your gear to cvedb and we'll alert you only when talend ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.