Add TIBCO-2023-270-Hawk

2025-06-10 02:04:31 +00:00 · 2023-02-14 07:46:33 -10:00 · 2023-02-14 07:46:33 -10:00 · 88b89ea695
commit 88b89ea695
parent 99c7ae4f8a
1 changed files with 100 additions and 17 deletions
--- a/2022/41xxx/CVE-2022-41564.json
+++ b/2022/41xxx/CVE-2022-41564.json
@ -1,18 +1,101 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
-    "CVE_data_meta": {
-        "ID": "CVE-2022-41564",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
-    },
-    "description": {
-        "description_data": [
-            {
-                "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
-            }
-        ]
-    }
-}
+	"CVE_data_meta": {
+		"ASSIGNER": "security@tibco.com",
+		"DATE_PUBLIC": "2023-02-14T00:00:00Z",
+		"ID": "CVE-2022-41564",
+		"STATE": "PUBLIC",
+		"TITLE": "TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability"
+	},
+	"affects": {
+		"vendor": {
+			"vendor_data": [
+				{
+					"product": {
+						"product_data": [
+							{
+								"product_name": "TIBCO Hawk",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "<=",
+											"version_value": "6.2.1"
+										}
+									]
+								}
+							},
+							{
+								"product_name": "TIBCO Operational Intelligence Hawk RedTail",
+								"version": {
+									"version_data": [
+										{
+											"version_affected": "<=",
+											"version_value": "7.2.0"
+										}
+									]
+								}
+							}
+						]
+					},
+					"vendor_name": "TIBCO Software Inc."
+				}
+			]
+		}
+	},
+	"data_format": "MITRE",
+	"data_type": "CVE",
+	"data_version": "4.0",
+	"description": {
+		"description_data": [
+			{
+				"lang": "eng",
+				"value": "The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.1 and below and TIBCO Operational Intelligence Hawk RedTail: versions 7.2.0 and below."
+			}
+		]
+	},
+	"impact": {
+		"cvss": {
+			"attackComplexity": "LOW",
+			"attackVector": "NETWORK",
+			"availabilityImpact": "NONE",
+			"baseScore": 6.8,
+			"baseSeverity": "MEDIUM",
+			"confidentialityImpact": "HIGH",
+			"integrityImpact": "NONE",
+			"privilegesRequired": "HIGH",
+			"scope": "CHANGED",
+			"userInteraction": "NONE",
+			"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N",
+			"version": "3.1"
+		}
+	},
+	"problemtype": {
+		"problemtype_data": [
+			{
+				"description": [
+					{
+						"lang": "eng",
+						"value": "The impact of this vulnerability includes the theoretical possibility of an authenticated Hawk Console user gaining administrative access to the EMS server."
+					}
+				]
+			}
+		]
+	},
+	"references": {
+		"reference_data": [
+			{
+				"name": "https://www.tibco.com/services/support/advisories",
+				"refsource": "CONFIRM",
+				"url": "https://www.tibco.com/services/support/advisories"
+			}
+		]
+	},
+	"solution": [
+		{
+			"lang": "eng",
+			"value": "TIBCO has released updated versions of the affected components which address these issues.\n\nTIBCO Hawk versions 6.2.1 and below: update to version 6.2.2 or later\nTIBCO Operational Intelligence Hawk RedTail versions 7.2.0 and below: update to version 7.2.1 or later"
+		}
+	],
+	"source": {
+		"discovery": ""
+	}
+}