Use of hard-coded credentials in TIBCO products - CVE-2023-26219
Published: November 8, 2023
Vulnerability identifier: #VU82905
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2023-26219
CWE-ID: CWE-798
Exploitation vector: Adjecent network
Exploit availability:
No public exploit available
Vulnerable software:
TIBCO Hawk
TIBCO Operational Intelligence Hawk RedTail
TIBCO Hawk Distribution for TIBCO Silver Fabric
TIBCO Runtime Agent
TIBCO Hawk
TIBCO Operational Intelligence Hawk RedTail
TIBCO Hawk Distribution for TIBCO Silver Fabric
TIBCO Runtime Agent
Software vendor:
TIBCO
TIBCO
Description
The vulnerability allows a remote attacker to gain full access to vulnerable system.
The vulnerability exists due to presence of hard-coded credentials in application code within the Hawk Console and Hawk Agent components. A remote attacker on the local network can access the affected system using the hard-coded credentials.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
Remediation
Install updates from vendor's website.