Is CVE-2023-26219 actively exploited?

CVE-2023-26219 has no public evidence of in-the-wild exploitation as of 2024-11-21.

What is the CVSS score for CVE-2023-26219?

CVE-2023-26219 has a CVSS score of 7.4 (HIGH severity). Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N.

How do I patch CVE-2023-26219?

Patch guidance is available from tibco security advisories. CVEDatabase generates AI-assisted remediation guidance on demand for CVE-2023-26219.

Fix CVE-2023-26219 - HIGH tibco hawk

Q: Which products are affected by CVE-2023-26219?

4 products: tibco hawk, tibco hawk distribution for tibco silver fabric, tibco operational intelligence hawk redtail, tibco runtime agent.

Description

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.

CVSS Metrics

Vector: CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Attack Vector: adjacent network
Complexity: low
Privileges: none
User Action: none
Scope: changed
Confidentiality: high
Integrity: none
Availability: none
Weaknesses: CWE-798 · Hard-coded Credentials

Metadata

Primary Vendor: TIBCO
Published: 10/25/2023
Last Modified: 11/21/2024
Source: NIST NVD
Note: Verify all details with official vendor sources before applying patches.

Affected Products

tibco : hawktibco : hawk_distribution_for_tibco_silver_fabrictibco : operational_intelligence_hawk_redtailtibco : runtime_agent

Remediation Guidance

Executive Summary

View on NIST NVD