Universal Installer Password Disclosure Vulnerability Affects TIBCO Hawk Versions 6.2.0-6.2.3

CVE-2024-3182

6.5MEDIUM

Key Information

Vendor: Tibco
Status: Hawk
Vendor: CVE Published:; 15 May 2024

Summary

Install-type password disclosure vulnerability in Universal Installer including the Silent Installer in TIBCO Hawk versions 6.2.0, 6.2.1, 6.2.2 and 6.2.3 allows user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files.

Affected Version(s)

Hawk < 6.2.4

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published.
May 15, 2024
Vulnerability Reserved.
Apr 2, 2024

Collectors

NVD DatabaseMitre Database