CVE-2024-10218 — XML External Entity (XXE) Injection in Software INC Tibco Hawk

CWE-611 — XML External Entity (XXE) Injection3 documents3 sources

Severity

9.2CRITICALNVD

EPSS

0.1%

top 77.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Tibco Software INC Tibco Hawk Tibco Software INC Tibco Operational Intelligence

Timeline

PublishedNov 12

Description

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H

Affected Packages2 packages

▶CVEListV5tibco_software_inc/tibco_operational_intelligence7.3 — 0

▶CVEListV5tibco_software_inc/tibco_hawk6.2 — 5

🔴Vulnerability Details

GHSA

GHSA-gcg5-h35m-25rv: XSS Attack in mar↗2024-11-12

▶

CVEList

TIBCO Hawk Stored-XEE Vulnerability↗2024-11-12

▶