CyberSec.Space Logo
Back to CVE Browser

CVE-2008-3338

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile27.32th
PublishedAug 13, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.

Affected Platforms (CPE)

πŸ“¦
Tibco

Hawk

<= 4.8.0
πŸ“¦
Tibco

Hawk

= 4.6.0
πŸ“¦
Tibco

Hawk

= 4.6.1
πŸ“¦
Tibco

Hawk

= 4.7
πŸ“¦
Tibco

Iprocess Engine

= 10.3.0
πŸ“¦
Tibco

Iprocess Engine

= 10.3.1
πŸ“¦
Tibco

Iprocess Engine

= 10.3.2
πŸ“¦
Tibco

Iprocess Engine

= 10.3.3
πŸ“¦
Tibco

Iprocess Engine

= 10.3.4
πŸ“¦
Tibco

Iprocess Engine

= 10.3.5
πŸ“¦
Tibco

Iprocess Engine

= 10.4
πŸ“¦
Tibco

Iprocess Engine

= 10.4.1
πŸ“¦
Tibco

Iprocess Engine

= 10.5
πŸ“¦
Tibco

Iprocess Engine

= 10.6
πŸ“¦
Tibco

Iprocess Engine

= 10.6.0
πŸ“¦
Tibco

Iprocess Engine

= 10.6.1
πŸ“¦
Tibco

Iprocess Engine

= 10.6.2
πŸ“¦
Tibco

Iprocess Engine

= 11.0
πŸ“¦
Tibco

Mainframe Service Tracker

<= 1.0
πŸ“¦
Tibco

Runtime Agent

<= 5.5.4
πŸ“¦
Tibco

Runtime Agent

= 5.3
πŸ“¦
Tibco

Runtime Agent

= 5.4.0

References & Advisories

πŸ”— http://secunia.com/advisories/31618
πŸ”— http://www.securityfocus.com/bid/30836
πŸ”— http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt
πŸ”— http://www.vupen.com/english/advisories/2008/2448
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/44604
πŸ”— http://secunia.com/advisories/31618
πŸ”— http://www.securityfocus.com/bid/30836
πŸ”— http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt

Related Vulnerabilities

CVE-2020-354589.8

An issue was discovered in ClusterLabs Hawk 2.x through 2.3.0-x. There is a Ruby shell code injection issue via the hawk_remember_...

CVE-2021-30208.8

An issue was discovered in ClusterLabs Hawk (aka HA Web Konsole) through 2.3.0-15. It ships the binary hawk_invoke (built from too...

CVE-2002-08787.5

SQL injection vulnerability in the login form for LogiSense software including (1) Hawk-i Billing, (2) Hawk-i ASP and (3) DNS Mana...

CVE-2017-31567.5

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time ...