Security Advisory Regarding TIBCO Operational Intelligence Hawk Redtail

Article ID: KB0107948

Product: TIBCO Hawk
Versions: 6.2.1 and below

Description

TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability

  Original release date: February 14, 2023
  Last revised: ---
  Source: TIBCO Software Inc.

Description

  The component listed above contains a vulnerability that will return the EMS
  transport password and EMS SSL password to a privileged user.

Impact

  The impact of this vulnerability includes the theoretical possibility of an
  authenticated Hawk Console user gaining administrative access to the EMS
  server.

  CVSS v3.1 Base Score: 6.8 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N)

Environment

Products Affected

  TIBCO Hawk versions 6.2.1 and below
  TIBCO Operational Intelligence Hawk RedTail versions 7.2.0 and below

  The following component is affected:

  * Hawk Console

Resolution

  TIBCO has released updated versions of the affected systems which address this
  issue:

  TIBCO Hawk versions 6.2.1 and below: update to version 6.2.2 or later

  TIBCO Operational Intelligence Hawk RedTail versions 7.2.0 and below: update
    to version 7.2.1 or later
 

Issue/Introduction

Security Advisory Regarding TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability

Additional Information

  https://www.tibco.com/services/support/advisories
  CVE-2022-41564