CVE-2022-41564

Summary

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.

Affected Software

VendorProductVersion RangeStatus
TIBCO Software Inc.TIBCO Hawkunspecified <= 6.2.1affected
TIBCO Software Inc.TIBCO Operational Intelligence Hawk RedTailunspecified <= 7.2.0affected

Weaknesses

  • The impact of this vulnerability includes the theoretical possibility of an authenticated Hawk Console user gaining administrative access to the EMS server.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References