Original release date: October 24, 2023
Last revised: —
CVE-2023-26219
Source: TIBCO Software Inc.
Description
The components listed below contain a vulnerability that theoretically allows an attacker with access to the Hawk Console and Hawk Agent logs to obtain credentials used to access associated EMS servers.
Impact
The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server.
CVSS v3.1 Base Score: 7.4 (CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N)
Environment
Products Affected
- TIBCO Hawk 6.2.2 and below
- TIBCO Operational Intelligence Hawk RedTail 7.2.1 and below
- TIBCO Hawk Distribution for TIBCO Silver Fabric 6.2.2 and below
- TIBCO Runtime Agent 5.12.2 and below
The following components are affected:
- Hawk Console
- Hawk Agent
Resolution
TIBCO has released updated versions of the affected systems which address this issue:
- TIBCO Hawk 6.2.2 and below: update to version 6.2.3 or later
- TIBCO Operational Intelligence Hawk RedTail 7.2.1 and below: update to version 7.2.2 or later
- TIBCO Hawk Distribution for TIBCO Silver Fabric 6.2.2 and below: update to version 6.2.3 or later
- TIBCO Runtime Agent 5.12.2 and below: update to version 5.12.3 or later