CVE-2023-26219

Summary

CVE-2023-26219 is a vulnerability found in the Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent. This vulnerability could potentially allow an attacker with access to the log of the Hawk Console and Agent to obtain credentials used to access associated EMS servers. The affected releases are TIBCO Hawk versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below, and TIBCO Runtime Agent versions 5.12.2 and below. The risk score assigned to this vulnerability is 65 out of 100, with a base severity of high (7.4 out of 10). The confidentiality impact is rated as high while integrity impact is none and availability impact is none. The exploitability score is 2.8 out of 10, indicating a moderate level of difficulty for exploitation. No user interaction or privileges are required for exploitation, and the attack vector is through an adjacent network. Remediation steps have not been provided in the given information. This vulnerability poses a potential danger to organizations using the affected products as it could lead to unauthorized access to EMS servers if exploited by attackers with log access to the Hawk Console and Agent components.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.