CVSS: 8.8EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26219 – TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26219
The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below. Los componentes Hawk Console y Hawk Agent de TIBCO Hawk de TIBCO Software Inc., TIBCO Hawk Distribution para TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail y TIBCO Runtime Agent contienen una vulnerabilidad que teóricamente permite a un atacante acceder al log de Hawk Console y Hawk Agent para obtener las credenciales utilizadas para acceder a los servidores EMS asociados. • https://www.tibco.com/services/support/advisories • CWE-798: Use of Hard-coded Credentials •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2021-3020
https://notcve.org/view.php?id=CVE-2021-3020
An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from tools/hawk_invoke.c), intended to be used as a setuid program. This allows the hacluster user to invoke certain commands as root (with an attempt to limit this to safe combinations). This user is able to execute an interactive "shell" that isn't limited to the commands specified in hawk_invoke, allowing escalation to root. Se ha detectado un problema en ClusterLabs Hawk (también se conoce como HA Web Konsole) hasta la versión 2.3.0-15. • https://bugzilla.suse.com/show_bug.cgi?id=1180571 https://github.com/ClusterLabs/crmsh/commit/c538024b8ebd138dc373b005189471d9b77e9c82 https://github.com/ClusterLabs/hawk/releases • CWE-269: Improper Privilege Management •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29167 – ReDoS vulnerability in header parsing in hawk
https://notcve.org/view.php?id=CVE-2022-29167
Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched in `9.0.1` to use built-in `URL` class to parse hostname instead. `Hawk.authenticate()` accepts `options` argument. If that contains `host` and `port`, those would be used instead of a call to `utils.parseHost()`. • https://github.com/mozilla/hawk/pull/286 https://github.com/mozilla/hawk/security/advisories/GHSA-44pw-h2cw-w3vq • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 10.0EPSS: 1%CPEs: 2EXPL: 0CVE-2020-35458
https://notcve.org/view.php?id=CVE-2020-35458
An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_me_id parameter in the login_from_cookie cookie. The user logout routine could be used by unauthenticated remote attackers to execute code as hauser. Se detectó un problema en ClusterLabs Hawk versiones 2.x hasta 2.3.0-x. Se presenta un problema de inyección de código de shell Ruby por medio del parámetro hawk_remember_me_id en la cookie login_from_cookie. • http://www.openwall.com/lists/oss-security/2021/01/12/3 https://bugzilla.suse.com/show_bug.cgi?id=1179998 https://github.com/ClusterLabs/hawk/releases https://www.openwall.com/lists/oss-security/2021/01/12/3 • CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') •
CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0CVE-2008-3338
https://notcve.org/view.php?id=CVE-2008-3338
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Hawk (1) la librería AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime Agent (TRA) anterior a 5.6.0; iProcess Engine de 10.3.0 a 10.6.2 y 11.0.0; y Mainframe Service Tracker anterior a 1.1.0 podría permitir a atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/31618 http://www.securityfocus.com/bid/30836 http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt http://www.vupen.com/english/advisories/2008/2448 https://exchange.xforce.ibmcloud.com/vulnerabilities/44604 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •