Security Advisory regarding TIBCO Hawk

Article ID: KB0107927

Product: TIBCO Hawk
Versions: 6.2.0-6.2.3

Description

Original release date: May 14, 2024
Last revised: ---
CVE-2024-3182
Source: TIBCO Software Inc.
Description
The components listed above contain a vulnerability that allows the TIBCO Hawk user’s
Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and
hawkevent.cfg config files.
Impact
The impact of this vulnerability includes the theoretical possibility that an attacker could access
the message stream of the EMS server, or in the worst case, gain administrative access to the
server. It is recommended that the EMS password utilized by the TIBCO Hawk components be
changed as soon as possible.
CVSS v3 Base Score: 6.5 (Medium)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

Issue/Introduction

Security Advisory regarding TIBCO Hawk install-time password disclosure vulnerability

Environment

Products Affected: TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3.
Component Affected: TIBCO Hawk Universal Installer including the Silent Installer

Resolution

Upgrade TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 to 6.2.4.

NOTE: This resolution applies to standalone Hawk installations only. Embedded Hawk usage with the TIBCO Runtime Agent on an EMS-based TRA domain is not impacted; please refer to KB Article 000053195: https://support.tibco.com/s/article/Impact-of-Hawk-CVE-2024-3182-on-TIBCO-Runtime-Agent-embedded-Hawk
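
A check to run after upgrading and changing the EMS password, as an added example that is not part of the TIBCO advisory: it scans a directory tree for copies of the old password in any file other than hawkagent.cfg and hawkevent.cfg, and reports locations only. The scanned root, the size limit, the UTF-8/UTF-16LE encodings and the sample file names are assumptions; the advisory does not say where the exposed copy is written.

```python
import os
import tempfile

# The two files the advisory names as the expected home of the EMS password.
EXPECTED = {"hawkagent.cfg", "hawkevent.cfg"}
MAX_BYTES = 16 * 1024 * 1024  # assumed size limit; larger files are reported as skipped

def find_password_copies(root, secret):
    """Return (hits, skipped): hits are (relative_path, line_number) pairs for
    files other than EXPECTED that contain the secret; skipped lists unread files."""
    if not secret:
        raise ValueError("secret must not be empty")
    # Assumption: a copy may be stored as UTF-8 or UTF-16LE text.
    needles = {secret.encode("utf-8"), secret.encode("utf-16-le")}
    hits, skipped = set(), []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if name.lower() in EXPECTED:
                continue
            path = os.path.join(dirpath, name)
            rel = os.path.relpath(path, root)
            try:
                if os.path.islink(path) or os.path.getsize(path) > MAX_BYTES:
                    skipped.append(rel)
                    continue
                with open(path, "rb") as fh:
                    data = fh.read()
            except OSError:
                skipped.append(rel)
                continue
            for needle in needles:
                pos = data.find(needle)
                while pos != -1:
                    # Report the location only, never the secret itself.
                    hits.add((rel, data.count(b"\n", 0, pos) + 1))
                    pos = data.find(needle, pos + 1)
    return sorted(hits), sorted(skipped)

def demo():
    """Run the scan over a constructed tree; the log file names are hypothetical."""
    secret = "constructed-ems-pw-1"  # constructed sample value
    with tempfile.TemporaryDirectory() as root:
        samples = {"hawkagent.cfg": f"constructed line {secret}\n",
                   "sample-install.log": f"step 1\nconstructed line {secret}\n",
                   "clean.log": "nothing here\n"}
        for name, text in samples.items():
            with open(os.path.join(root, name), "w", encoding="utf-8") as fh:
                fh.write(text)
        return find_password_copies(root, secret)
```

Read the old password from a prompt such as `getpass.getpass()` rather than a command-line argument, so the check itself does not leave another copy in shell history.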

Additional Information

https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/

CVE-2024-3182