CVE-2024-10217 CRITICAL

CVE-2024-10217: TIBCO Hawk Stored-XSS Vulnerability

Vendor Tibco Software Inc
Product TIBCO Hawk
Published November 12, 2024
Last update November 21, 2024

CVSS base score

9.2/10
Attack vector Network
Attack complexity Low
Privileges required High
User interaction
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:P/VC:H/VI:H/VA:N/SC:L/SI:N/SA:H/AU:N/R:U/V:C/U:Green

What the vulnerability does

01Description

XSS Attack in mar.jar, Monitoring Archive Utility (MAR Utility), monitoringconsolecommon.jar in TIBCO Software Inc TIBCO Hawk and TIBCO Operational Intelligence

Key dates

02Disclosure timeline

November 12, 2024 CVE published
November 21, 2024 Record updated