TIBCO Product Security Update Advisory
Overview
An update has been released to address vulnerabilities in TIBCO Products. Users of the affected versions are advised to update to the latest version.
Affected Products
CVE-2024-10217, CVE-2024-10218
- TIBCO Hawk versions: 6.2.0, 6.2.1, 6.2.2, 6.2.3, 6.2.4
- TIBCO Hawk version: 6.3.0
- TIBCO Operational Intelligence Hawk versions: 7.2.0, 7.2.1, 7.2.2
CVE-2024-10514
- TIBCO API Exchange Gateway versions: 2.4.0, 2.5.0
Resolved Vulnerabilities
Vulnerability that allows malicious .mar file authors to conduct XSS attacks (CVE-2024-10217)
Vulnerability that could allow malicious .mar file authors to read sensitive files on the host system (CVE-2024-10218)
Vulnerability that could allow a malicious user to perform an XML external entity (XXE) attack to disclose host machine information (CVE-2024-10514)
Vulnerability Patches
Vulnerability patches have been made available in the latest update. Please follow the instructions on the Referenced Sites to update to a patched version listed below.
CVE-2024-10217, CVE-2024-10218
- TIBCO Hawk version: 6.2.5 or later
- TIBCO Hawk version: 6.3.1 or later
- TIBCO Operational Intelligence Hawk version: 7.3.0 or later
CVE-2024-10514
- TIBCO API Exchange Gateway version: 2.5.1 or later
Referenced Sites
[1] CVE-2024-10217 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10217
[2] TIBCO Security Advisory: November 12, 2024 – TIBCO Hawk & Operational Intelligence – CVE-2024-10217
[3] CVE-2024-10218 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10218
[4] TIBCO Security Advisory: November 12, 2024 – TIBCO Hawk & Operational Intelligence – CVE-2024-10218
[5] CVE-2024-10514 Detail
https://nvd.nist.gov/vuln/detail/CVE-2024-10514
[6] TIBCO Security Advisory: November 19, 2024 – TIBCO API Exchange Gateway – CVE-2024-10514