CVE-2024-3182

Name of the Vulnerable Software and Affected Versions TIBCO Hawk versions 6.2.0 through 6.2.3

Description The issue allows a user's Enterprise Message Service (EMS) password to be exposed outside of the hawkagent.cfg and hawkevent.cfg config files due to an install-type password disclosure vulnerability in the Universal Installer, including the Silent Installer.

Recommendations For versions 6.2.0 through 6.2.3, consider restricting access to the hawkagent.cfg and hawkevent.cfg config files to minimize the risk of password exposure until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.