Lucene search

[email protected]CVE-2023-26219

HistoryOct 25, 2023 - 6:17 p.m.

CVE-2023-26219

2023-10-2518:17:25

CWE-798

[email protected]

web.nvd.nist.gov

tibco

software

inc.

hawk

distribution

silver fabric

operational intelligence

redtail

runtime agent

log

access

vulnerability

cve-2023-26219

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.

Affected configurations

NVD

Node

tibcohawkRange<6.2.3

tibcohawk_distribution_for_tibco_silver_fabricRange<6.2.3

tibcooperational_intelligence_hawk_redtailRange<7.2.2

tibcoruntime_agentRange<5.12.3

CPENameOperatorVersion
tibco:hawktibco hawklt6.2.3
tibco:hawk_distribution_for_tibco_silver_fabrictibco hawk distribution for tibco silver fabriclt6.2.3
tibco:operational_intelligence_hawk_redtailtibco operational intelligence hawk redtaillt7.2.2
tibco:runtime_agenttibco runtime agentlt5.12.3

CPE	Name	Operator	Version
tibco:hawk	tibco hawk	lt	6.2.3
tibco:hawk_distribution_for_tibco_silver_fabric	tibco hawk distribution for tibco silver fabric	lt	6.2.3
tibco:operational_intelligence_hawk_redtail	tibco operational intelligence hawk redtail	lt	7.2.2
tibco:runtime_agent	tibco runtime agent	lt	5.12.3

CNA Affected

[
  {
    "defaultStatus": "unaffected",
    "product": "TIBCO Hawk",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TIBCO Hawk Distribution for TIBCO Silver Fabric",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "6.2.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TIBCO Operational Intelligence Hawk RedTail",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "7.2.1",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  },
  {
    "defaultStatus": "unaffected",
    "product": "TIBCO Runtime Agent",
    "vendor": "TIBCO Software Inc.",
    "versions": [
      {
        "lessThanOrEqual": "5.12.2",
        "status": "affected",
        "version": "0",
        "versionType": "semver"
      }
    ]
  }
]

References

www.tibco.com/services/support/advisories

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.5 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

19.4%

JSON

Related for CVE-2023-26219

cvelist1 nvd1 prion1