CVE-2022-41564

TIBCO Operational Intelligence Hawk Redtail Credential Exposure Vulnerability

Description

The Hawk Console component of TIBCO Software Inc.'s TIBCO Hawk and TIBCO Operational Intelligence Hawk RedTail contains a vulnerability that will return the EMS transport password and EMS SSL password to a privileged user. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.1.0 through 6.2.1 and TIBCO Operational Intelligence Hawk RedTail: versions 7.0.0 through 7.2.0.

Remediation

Solution:

TIBCO has released updated versions of the affected components which address these issues. TIBCO Hawk versions 6.1.0 through 6.2.1: update to version 6.2.2 or later TIBCO Operational Intelligence Hawk RedTail versions 7.0.0 through 7.2.0: update to version 7.2.1 or later

References

Link	Tags
https://www.tibco.com/services/support/advisories	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2022-41564?: CVE-2022-41564 has been scored as a medium severity vulnerability.
How to fix CVE-2022-41564?: To fix CVE-2022-41564: TIBCO has released updated versions of the affected components which address these issues. TIBCO Hawk versions 6.1.0 through 6.2.1: update to version 6.2.2 or later TIBCO Operational Intelligence Hawk RedTail versions 7.0.0 through 7.2.0: update to version 7.2.1 or later
Is CVE-2022-41564 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2022-41564 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2022-41564?: CVE-2022-41564 affects TIBCO Software Inc. TIBCO Hawk, TIBCO Software Inc. TIBCO Operational Intelligence Hawk RedTail.

Description

Remediation

Category

CWE-522 – Insufficiently Protected Credentials

References

Frequently Asked Questions