Security Portal
Talend's Security Program
Talend maintains an Information Security Program to ensure the confidentiality, integrity, and availability of all computer and data communication systems while meeting the necessary legislative, industry, and contractual requirements.
Talend policies, procedures, and standards are based on the International Organization for Standardization (ISO)/International Electrotechnical Commission (IEC) 27001. In addition, we use an independent third-party body to audit our compliance with leading industry standards periodically.
Frameworks and Certifications
Talend is reviewed and trusted by
Documents
Risk Profile
Product Security
Reports
Self-Assessments
Data Security
App Security
Legal
Data Privacy
Access Control
Infrastructure
Endpoint Security
Network Security
Corporate Security
Policies
Security Grades
Trust Center Updates
Product Security announcement - CVE-2023-31444 affecting Talend Studio Microservices
IncidentsCopy linkTalend security team released a new advisory on Talend Studio Microservices deployments. Talend recommend customers to assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.
https://www.talend.com/security/incident-response/#CVE-2023-31444
Talend's security team is pleased to announce the release of the latest certificates, compliance and audit reports for SOC1, SOC2, HIPAA, ISO 27001, ISO 27701 and Cloud Security Alliance (CSA) Security, Trust & Assurance Registry (STAR). These certifications and reports demonstrate our commitment to ensuring the highest levels of security and compliance for our customers.
Our SOC1 and SOC2 reports provide independent verification of the effectiveness of our internal controls and processes related to financial reporting, system security, availability, processing integrity, and confidentiality. Our HIPAA compliance demonstrates our commitment to protecting sensitive patient information, while our ISO 27001 and ISO 27701 certifications demonstrate our commitment to information security and privacy management.
Thank you for choosing Talend as your trusted partner. Talend Security Team
Product Security announcement - CVE-2023-26263 and CVE-2023-26264 affecting Talend Data Catalog
IncidentsCopy linkAdditional details and instructions have been posted on those two advisories. Please refer to https://www.talend.com/security/incident-response/#CVE-2023-26264
Talend security team released two advisories affecting Talend Data Catalog 8.0 and prior versions. While the severities are in the process to be determined, Talend recommend customers to assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.
https://www.talend.com/security/incident-response/#CVE-2023-26264
Product Security announcement - CVE-2022-45588 and CVE-2022-45589 affecting Talend components
IncidentsCopy linkAdditional details and instructions have been posted on those two advisories. Please refer to https://www.talend.com/security/incident-response/#CVE-2022-45588
Talend security team released two advisories affecting Talend Remote Engine Gen2 and Talend ESB Runtime components. While the severities are in the process to be determined, Talend recommend customers to assess their exposure and apply the mitigation steps by updating the affected components to the latest patch version.
https://www.talend.com/security/incident-response/#CVE-2022-45588
Update: Feb. 21, 2023
Talend has been working diligently on addressing the situation throughout our Product portfolio and are in process of developing the code fix to address the impacted Products.
Statement
To trigger the High Severity vulnerability (CVE-2023-0286), the software must meet with 2 rare conditions such as (1) use of 3rd-party controlled CRLs (encoded as an uncommon X.400 address format) and certificates, and (2) download and verify them in real-time (again very uncommon).
Although, we are not aware of any such behaviors in our software, we advise our customers to update the affected components to the latest patch version once available.
Impacted products:
- Talend Change Data Capture (CDC) - all versions up to 7.16
Non-impacted products:
- Rest of Talend software
If you need additional details or assistance, please contact Talend Support on Talend Support portal (https://login.talend.com/support-login.php) or by sending an email to customercare@talend.com.
Talend is aware of and monitoring the OpenSSL security advisory published on 7th February 2023.
Talend teams are scoping the remediation efforts throughout its Product portfolio and is in the process of developing fixes and remediations to address the vulnerability.
This post will be further updated with latest available information
Talend security team is aware of the recent Okta code repository breach disclosure. Per Okta statement, Talend system has not been impacted and Talend security team continue to monitor the situation.
Okta statement : "There is no impact to any customers, including any HIPAA, FedRAMP or DoD customers. No action is required by customers."
Talend is aware of and monitoring the pre-announced OpenSSL 3.x (CVE-2022-3602 and CVE-2022-3786) security vulnerability.
Talend is scoping the remediation efforts throughout its Product portfolio and is in the process of developing fixes and remediations to address the vulnerability.
Update: November 1, 2022
To the best of our knowledge and the information currently available, Talend products are not impacted by CVE-2022-3602 and CVE-2022-3786 security vulnerabilities present in OpenSSL 3.0.x
While not directly exposed to vulnerable version of OpenSSL, we have proactively implemented preventative mitigations and continuous monitoring in Talend Cloud as an added precaution.