Impact of Hawk-CVE-2024-3182 on TIBCO Runtime Agent embedded Hawk

Impact of Hawk-CVE-2024-3182 on TIBCO Runtime Agent embedded Hawk

book

Article ID: KB0107928

calendar_today

Updated On:

Products Versions
TIBCO Hawk 6.2.0, 6.2.1, 6.2.2, and 6.2.3

Description

On May 14, 2024, TIBCO announced a Security Advisory for Hawk CVE-2024-3182, please refer to KB Article: https://support.tibco.com/s/article/Hawk202404  please note that:

- This Security Advisory only affects standalone Hawk when EMS is configured during the standalone Hawk installation process.

- TIBCO Runtime Agent (TRA) bundled embedded Hawk and EMS-based TRA domain are NOT affected (RV-based domain is also unaffected).

- The affected Hawk versions are 6.2.0, 6.2.1, 6.2.2, and 6.2.3.

 

Issue/Introduction

Impact of Hawk-CVE-2024-3182 on TIBCO Runtime Agent embedded Hawk

Environment

All

Resolution

For any customer who is affected by this Security Advisory, they can apply the approaches below:

1. The customer must change the EMS password for the EMS user used by standalone Hawk, and then update the password for standalone Hawk configuration files (under cfgmgmt/hawk/bin). - This applies to standalone Hawk or the customer installed a standalone Hawk on top of TRA.

2. Upgrade to Hawk 6.2.4 - this applies to standalone Hawk only as Hawk 6.2.4 has not been certified with TRA officially.

If you have further questions, please contact TIBCO Support.
 
Powered by Wolken Software