CVE-2023-26219

CVSS 3.1 Score 7.4 of 10 (high)

Details

Published Oct 25, 2023
Updated: Nov 2, 2023
CWE ID 798

Summary

CVE-2023-26219 is a vulnerability found in the Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent. This vulnerability could potentially allow an attacker with access to the log of the Hawk Console and Agent to obtain credentials used to access associated EMS servers. The affected releases are TIBCO Hawk versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below, and TIBCO Runtime Agent versions 5.12.2 and below. The risk score assigned to this vulnerability is 65 out of 100, with a base severity of high (7.4 out of 10). The confidentiality impact is rated as high while integrity impact is none and availability impact is none. The exploitability score is 2.8 out of 10, indicating a moderate level of difficulty for exploitation. No user interaction or privileges are required for exploitation, and the attack vector is through an adjacent network.

Remediation steps have not been provided in the given information.

This vulnerability poses a potential danger to organizations using the affected products as it could lead to unauthorized access to EMS servers if exploited by attackers with log access to the Hawk Console and Agent components.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-26219 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options