Jump to content
  • TIBCO Security Advisory: May 14, 2024 - TIBCO Hawk - CVE-2024-3182

    TIBCO Hawk install-time password disclosure vulnerability 

    Original release date: May 14, 2024
    Last revised: ---
    Source: TIBCO Software Inc.

    Products Affected

    TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3.

    Component Affected:

    TIBCO Hawk Universal Installer including the Silent Installer



    The components listed above contain a vulnerability that allows the TIBCO Hawk user’s Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.



    The impact of this vulnerability includes the theoretical possibility that an attacker could access the message stream of the EMS server, or in the worst case, gain administrative access to the server. It is recommended that the EMS password utilized by the TIBCO Hawk components be changed as soon as possible.

    CVSS v3 Base Score: 6.5 (Medium) CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N


    Upgrade the TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 to 6.2.4.




  • Create New...