Security Advisory regarding TIBCO Hawk

book

Article ID: KB0107927

calendar_today

Updated On:

Products	Versions
TIBCO Hawk	6.2.0-6.2.3

Description

Original release date: May 14, 2024
Last revised: ---
CVE-2024-3182
Source: TIBCO Software Inc.
Description
The components listed above contain a vulnerability that allows the TIBCO Hawk user’s
Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and
hawkevent.cfg config files.
Impact
The impact of this vulnerability includes the theoretical possibility that an attacker could access
the message stream of the EMS server, or in the worst case, gain administrative access to the
server. It is recommended that the EMS password utilized by the TIBCO Hawk components be
changed as soon as possible.
CVSS v3 Base Score: 6.5 (Medium) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Environment

Products Affected TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3. Component Affected: TIBCO Hawk Universal Installer including the Silent Installer

Resolution

Upgrade the TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 to 6.2.4.

NOTE: This resolution applies to a standalone Hawk installations only. Embedded Hawk usage with the TIBCO Runtime Agent on an EMS-based TRA domain is not impacted, please refer to KB Article : 000053195 https://support.tibco.com/s/article/Impact-of-Hawk-CVE-2024-3182-on-TIBCO-Runtime-Agent-embedded-Hawk

Issue/Introduction

Security Advisory regarding TIBCO Hawk install-time password disclosure vulnerability

Additional Information

https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/

CVE-2024-3182

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"