CVSS: 9.0EPSS: 0%CPEs: 4EXPL: 0CVE-2023-26219 – TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability
https://notcve.org/view.php?id=CVE-2023-26219
24 Oct 2023 — The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6... • https://www.tibco.com/services/support/advisories • CWE-798: Use of Hard-coded Credentials •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2022-29167 – ReDoS vulnerability in header parsing in hawk
https://notcve.org/view.php?id=CVE-2022-29167
05 May 2022 — Hawk is an HTTP authentication scheme providing mechanisms for making authenticated HTTP requests with partial cryptographic verification of the request and response, covering the HTTP method, request URI, host, and optionally the request payload. Hawk used a regular expression to parse `Host` HTTP header (`Hawk.utils.parseHost()`), which was subject to regular expression DoS attack - meaning each added character in the attacker's input increases the computation time exponentially. `parseHost()` was patched... • https://github.com/mozilla/hawk/pull/286 • CWE-400: Uncontrolled Resource Consumption CWE-1333: Inefficient Regular Expression Complexity •
CVSS: 10.0EPSS: 5%CPEs: 22EXPL: 0CVE-2008-3338
https://notcve.org/view.php?id=CVE-2008-3338
13 Aug 2008 — Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Hawk (1) la librería AMI C (libtibhawkami) y (2) Hawk HMA (tibhawkhma), como se usan en TIBCO Hawk antes de 4.8.1; Runtime... • http://secunia.com/advisories/31618 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 11%CPEs: 19EXPL: 0CVE-2008-1703
https://notcve.org/view.php?id=CVE-2008-1703
11 Apr 2008 — Multiple buffer overflows in TIBCO Software Rendezvous before 8.1.0, as used in multiple TIBCO products, allow remote attackers to execute arbitrary code via a crafted message. Múltiples desbordamientos de búfer en TIBCO Software Rendezvous anterior a 8.1.0., utilizado en múltiples productos TIBCO,permitena atacantes remotos ejecutar código de su elección mediante un mensaje manipulado. • http://secunia.com/advisories/29774 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 3EXPL: 0CVE-2006-2829
https://notcve.org/view.php?id=CVE-2006-2829
05 Jun 2006 — Buffer overflow in Hawk Monitoring Agent (HMA) for TIBCO Hawk before 4.6.1 and TIBCO Runtime Agent (TRA) before 5.4 allows authenticated users to execute arbitrary code via the configuration for tibhawkhma. • http://secunia.com/advisories/20431 •