Unauthenticated Remote Access to JVM via Jolokia JMX-HTTP Bridge in Talend Studio

CVE-2023-31444 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

In Talend Studio before 7.3.1-R2022-10 and 8.x before 8.0.1-R2022-09, microservices allow unauthenticated access to the Jolokia endpoint of the microservice. This allows for remote access to the JVM via the Jolokia JMX-HTTP bridge.
