OpenCVE

Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

References

Link	Providers
https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/

History

No history.

MITRE

Status: PUBLISHED

Assigner: tibco

Published: 2024-05-15T18:04:49.997Z

Updated: 2024-08-01T20:05:07.485Z

Reserved: 2024-04-02T06:27:25.231Z

Link: CVE-2024-3182

Vulnrichment

Updated: 2024-08-01T20:05:07.485Z

NVD

Status : Awaiting Analysis

Published: 2024-05-15T18:15:11.020

Modified: 2024-11-21T09:29:05.750

Link: CVE-2024-3182

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-3182", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "state": "PUBLISHED", "assignerShortName": "tibco", "dateReserved": "2024-04-02T06:27:25.231Z", "datePublished": "2024-05-15T18:04:49.997Z", "dateUpdated": "2024-08-01T20:05:07.485Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Hawk", "vendor": "TIBCO", "versions": [{"lessThan": "6.2.4", "status": "affected", "version": "6.2.0", "versionType": "patch"}]}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(248, 248, 248);\">Install-type password disclosure vulnerability in <span style=\"background-color: transparent;\">Universal Installer including the Silent Installer</span> in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows <span style=\"background-color: rgb(255, 255, 255);\">user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.</span></span><br>"}], "value": "Install-type password disclosure vulnerability in\u00a0Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.\n"}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-05-15T18:04:49.997Z"}, "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/"}], "source": {"discovery": "UNKNOWN"}, "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-200", "lang": "en", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "affected": [{"vendor": "tibco", "product": "hawk", "cpes": ["cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*"], "defaultStatus": "unaffected", "versions": [{"version": "6.2.0", "status": "affected", "lessThan": "6.2.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-11T17:06:33.188845Z", "id": "CVE-2024-3182", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-01T15:15:06.991Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.485Z"}, "title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T20:05:07.485Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-3182", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-11T17:06:33.188845Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:tibco:hawk:*:*:*:*:*:*:*:*"], "vendor": "tibco", "product": "hawk", "versions": [{"status": "affected", "version": "6.2.0", "lessThan": "6.2.4", "versionType": "custom"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-200", "description": "CWE-200 Exposure of Sensitive Information to an Unauthorized Actor"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-11T17:08:20.635Z"}}], "cna": {"source": {"discovery": "UNKNOWN"}, "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "TIBCO", "product": "Hawk", "versions": [{"status": "affected", "version": "6.2.0", "lessThan": "6.2.4", "versionType": "patch"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://community.tibco.com/advisories/tibco-security-advisory-may-14-2024-tibco-hawk-cve-2024-3182-r213/"}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Install-type password disclosure vulnerability in\u00a0Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.\n", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(248, 248, 248);\">Install-type password disclosure vulnerability in <span style=\"background-color: transparent;\">Universal Installer including the Silent Installer</span> in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows <span style=\"background-color: rgb(255, 255, 255);\">user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.</span></span><br>", "base64": false}]}], "providerMetadata": {"orgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "shortName": "tibco", "dateUpdated": "2024-05-15T18:04:49.997Z"}}}, "cveMetadata": {"cveId": "CVE-2024-3182", "state": "PUBLISHED", "dateUpdated": "2024-08-01T20:05:07.485Z", "dateReserved": "2024-04-02T06:27:25.231Z", "assignerOrgId": "4f830c72-39e4-45f6-a99f-78cc01ae04db", "datePublished": "2024-05-15T18:04:49.997Z", "assignerShortName": "tibco"}, "dataVersion": "5.1"}