CVE-2023-26219

TIBCO Operational Intelligence Hawk RedTail Credential Exposure Vulnerability

Description

The Hawk Console and Hawk Agent components of TIBCO Software Inc.'s TIBCO Hawk, TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Operational Intelligence Hawk RedTail, and TIBCO Runtime Agent contain a vulnerability that theoretically allows an attacker with access to the Hawk Console’s and Agent’s log to obtain credentials used to access associated EMS servers. Affected releases are TIBCO Software Inc.'s TIBCO Hawk: versions 6.2.2 and below, TIBCO Hawk Distribution for TIBCO Silver Fabric: versions 6.2.2 and below, TIBCO Operational Intelligence Hawk RedTail: versions 7.2.1 and below, and TIBCO Runtime Agent: versions 5.12.2 and below.

Remediation

Solution:

  • TIBCO has released updated versions of the affected components which address these issues. TIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later TIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later TIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later TIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later

Category

7.4
CVSS
Severity: High
CVSS 3.1 •
EPSS 0.20%
Vendor Advisory tibco.com
Affected: TIBCO Software Inc. TIBCO Hawk
Affected: TIBCO Software Inc. TIBCO Hawk Distribution for TIBCO Silver Fabric
Affected: TIBCO Software Inc. TIBCO Operational Intelligence Hawk RedTail
Affected: TIBCO Software Inc. TIBCO Runtime Agent
Published at:
Updated at:

References

Link Tags
https://www.tibco.com/services/support/advisories vendor advisory

Frequently Asked Questions

What is the severity of CVE-2023-26219?
CVE-2023-26219 has been scored as a high severity vulnerability.
How to fix CVE-2023-26219?
To fix CVE-2023-26219: TIBCO has released updated versions of the affected components which address these issues. TIBCO Hawk versions 6.2.2 and below: update to version 6.2.3 or later TIBCO Hawk Distribution for TIBCO Silver Fabric versions 6.2.2 and below: update to version 6.2.3 or later TIBCO Operational Intelligence Hawk RedTail versions 7.2.1 and below: update to version 7.2.2 or later TIBCO Runtime Agent versions 5.12.2 and below: update to version 5.12.3 or later
Is CVE-2023-26219 being actively exploited in the wild?
As for now, there are no information to confirm that CVE-2023-26219 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-26219?
CVE-2023-26219 affects TIBCO Software Inc. TIBCO Hawk, TIBCO Software Inc. TIBCO Hawk Distribution for TIBCO Silver Fabric, TIBCO Software Inc. TIBCO Operational Intelligence Hawk RedTail, TIBCO Software Inc. TIBCO Runtime Agent.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.
© 2025 Under My Watch. All Rights Reserved.