CVE-2022-41564 — Insufficiently Protected Credentials in Hawk

CWE-522 — Insufficiently Protected Credentials3 documents3 sources

Severity

6.5MEDIUMNVD

CNA6.8

EPSS

0.2%

top 55.09%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Hawk Tibco Operational Intelligence Hawk Redtail Tibco Software INC Tibco Hawk +1 more

Timeline

PublishedFeb 14

Description

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

▶CVEListV5tibco_software_inc/tibco_operational_intelligence_hawk_redtailunspecified — 7.2.0

▶NVDtibco/operational_intelligence_hawk_redtail7.0.0 — 7.2.1

▶CVEListV5tibco_software_inc/tibco_hawkunspecified — 6.2.1

▶NVDtibco/hawk6.1.0 — 6.2.2

🔴Vulnerability Details

GHSA

GHSA-x8f4-mm5h-f849: The Hawk Console component of TIBCO Software Inc↗2023-02-14

▶

CVEList

TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability↗2023-02-14

▶