Impact of Hawk-CVE-2024-3182 on TIBCO Runtime Agent embedded Hawk
Article ID: KB0107928
Updated On:
| Products | Versions |
|---|---|
| TIBCO Hawk | 6.2.0, 6.2.1, 6.2.2, and 6.2.3 |
Description
On May 14, 2024, TIBCO announced a Security Advisory for Hawk CVE-2024-3182, please refer to KB Article: https://support.tibco.com/s/article/Hawk202404 please note that:
- This Security Advisory only affects standalone Hawk when EMS is configured during the standalone Hawk installation process.
- TIBCO Runtime Agent (TRA) bundled embedded Hawk and EMS-based TRA domain are NOT affected (RV-based domain is also unaffected).
- The affected Hawk versions are 6.2.0, 6.2.1, 6.2.2, and 6.2.3.
Environment
All
Resolution
For any customer who is affected by this Security Advisory, they can apply the approaches below:
1. The customer must change the EMS password for the EMS user used by standalone Hawk, and then update the password for standalone Hawk configuration files (under cfgmgmt/hawk/bin). - This applies to standalone Hawk or the customer installed a standalone Hawk on top of TRA.
2. Upgrade to Hawk 6.2.4 - this applies to standalone Hawk only as Hawk 6.2.4 has not been certified with TRA officially.
If you have further questions, please contact TIBCO Support.
1. The customer must change the EMS password for the EMS user used by standalone Hawk, and then update the password for standalone Hawk configuration files (under cfgmgmt/hawk/bin). - This applies to standalone Hawk or the customer installed a standalone Hawk on top of TRA.
2. Upgrade to Hawk 6.2.4 - this applies to standalone Hawk only as Hawk 6.2.4 has not been certified with TRA officially.
If you have further questions, please contact TIBCO Support.
Issue/Introduction
Impact of Hawk-CVE-2024-3182 on TIBCO Runtime Agent embedded Hawk
Feedback
Yes
No
Powered by
