WARNING: TWO CRITICAL VULNERABILITIES IN TIBCO (OPERATIONAL INTELLIGENCE) HAWK THAT CAN LEAD TO SYSTEM MANIPULATION WITH USER PRIVILEGES AND CAN ALLOW THE ATTACKER TO READ SENSITIVE FILES, PATCH IMMEDIATELY!
CVE-2024-10217
CVSS 9.2(CVSS:3.1/AV:N/AC:H/PR:H/UI:P/S:U/C:H/I:H/A:N)
CVE-2024-10218
CVSS 9.2(CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N)
Sources
- https://community.tibco.com/advisories/tibco-security-advisory-november-...
- https://community.tibco.com/advisories/tibco-security-advisory-november-...
Risks
TIBCO Operational Intelligence Hawk is a platform for monitoring and managing distributed applications and systems, used mainly by system administrators. At the time of writing there is no information on whether either of the two vulnerabilities has been actively exploited.
Both critical vulnerabilities have a high impact on confidentiality and integrity and no impact on availability.
Description
CVE-2024-10217
A cross-site scripting (XSS) vulnerability: an attacker who gets a victim user to trigger the XSS can manipulate the system with that user's privileges.
CVE-2024-10218
Allows an attacker to read sensitive files on the host filesystem with the privileges of the server process.
For both vulnerabilities, the affected components are mar.jar (the monitoring archive utility) and monitoringconsolecommon.jar.
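Before patching, an administrator needs to know where the affected components are installed. The following POSIX shell script is an added example written for this page (it is not CCB or TIBCO code): it inventories every copy of the two jars named above under a given root directory and reports the Implementation-Version from each jar's manifest when unzip is available. The root directory and the manifest field name are assumptions; the advisory itself does not state which versions are affected, so the output is an inventory to compare against the vendor advisory, not a vulnerability verdict.

```shell
#!/bin/sh
# Added example, not code from CCB or TIBCO.
# Inventory the two jars named in the advisory under a root directory.
AFFECTED_JARS="mar.jar monitoringconsolecommon.jar"

# Print the Implementation-Version from META-INF/MANIFEST.MF of a jar,
# or "unknown" when unzip is missing or the jar carries no such header.
# (Assumption: the TIBCO jars use this standard manifest attribute.)
jar_version() {
  v=
  if command -v unzip >/dev/null 2>&1; then
    v=$(unzip -p "$1" META-INF/MANIFEST.MF 2>/dev/null \
        | tr -d '\r' \
        | sed -n 's/^Implementation-Version: *//p' \
        | head -n 1)
  fi
  printf '%s\n' "${v:-unknown}"
}

# $1: root directory to scan (assumed; e.g. /opt/tibco on Linux).
# Output: one "path<TAB>version" line per affected jar found.
find_hawk_jars() {
  root=${1:-/}
  for name in $AFFECTED_JARS; do
    find "$root" -xdev -type f -name "$name" 2>/dev/null || true
  done | sort -u | while IFS= read -r jar; do
    printf '%s\t%s\n' "$jar" "$(jar_version "$jar")"
  done
}

# Number of affected jar copies found under $1.
count_hawk_jars() {
  find_hawk_jars "$1" | wc -l | tr -d ' '
}

# Usage: sh hawk_inventory.sh /opt/tibco
if [ -n "${1:-}" ]; then
  find_hawk_jars "$1"
fi
```

Run it on every host that carries a Hawk installation, including agents and consoles that were deployed outside the default path, and keep the output: the same list tells you which copies to re-check after the update has been applied.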
Recommended actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing the updates on vulnerable systems with the highest priority, after thorough testing.
Monitor/Detect
The CCB recommends organizations upscale monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://ccb.belgium.be/en/cert/report-incident
Patching appliances or software to the newest version protects against future exploitation, but it does not remediate a compromise that may already have taken place.