CVE-2022-41564 - OpenCVE

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Tibco	Hawk Operational Intelligence Hawk Redtail

Configuration 1 [-]

OR	cpe:2.3:a:tibco:hawk::::::::
	cpe:2.3:a:tibco:operational_intelligence_hawk_redtail::::::::

No data.

References

Link	Providers
https://www.tibco.com/services/support/advisories

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2023-02-14T00:00:00

Updated: 2024-08-03T12:49:43.251Z

Reserved: 2022-09-26T00:00:00

Link: CVE-2022-41564

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-02-14T18:15:11.933

Modified: 2023-02-22T19:15:10.887

Link: CVE-2022-41564

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41564", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "assignerShortName": "tibco", "dateUpdated": "2024-08-03T12:49:43.251Z", "dateReserved": "2022-09-26T00:00:00", "datePublished": "2023-02-14T00:00:00"}, "containers": {"cna": {"title": "TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability", "datePublic": "2023-02-14T00:00:00", "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2023-02-22T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0."}], "affected": [{"vendor": "TIBCO Software Inc.", "product": "TIBCO Hawk", "versions": [{"version": "unspecified", "lessThanOrEqual": "6.2.1", "status": "affected", "versionType": "custom"}]}, {"vendor": "TIBCO Software Inc.", "product": "TIBCO Operational Intelligence Hawk RedTail", "versions": [{"version": "unspecified", "lessThanOrEqual": "7.2.0", "status": "affected", "versionType": "custom"}]}], "references": [{"url": "https://www.tibco.com/services/support/advisories"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "The impact of this vulnerability includes the theoretical possibility of an authenticated Hawk Console user gaining administrative access to the EMS server."}]}], "source": {"discovery": ""}, "solutions": [{"lang": "en", "value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Hawk versions 6.1.0 through 6.2.1: update to version 6.2.2 or later\nTIBCO Operational Intelligence Hawk RedTail versions 7.0.0 through 7.2.0: update to version 7.2.1 or later"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.251Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.tibco.com/services/support/advisories", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*", "matchCriteriaId": "9C065500-D6AC-46F8-878E-FA8911E0F51E", "versionEndExcluding": "6.2.2", "versionStartIncluding": "6.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:tibco:operational_intelligence_hawk_redtail:*:*:*:*:*:*:*:*", "matchCriteriaId": "5EEB557D-02A6-4010-8067-BBC6D3157981", "versionEndExcluding": "7.2.1", "versionStartIncluding": "7.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0."}], "id": "CVE-2022-41564", "lastModified": "2023-02-22T19:15:10.887", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "security@tibco.com", "type": "Secondary"}]}, "published": "2023-02-14T18:15:11.933", "references": [{"source": "security@tibco.com", "tags": ["Vendor Advisory"], "url": "https://www.tibco.com/services/support/advisories"}], "sourceIdentifier": "security@tibco.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}