Vulnerability Description
Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 through 10.6.2 and 11.0.0; and Mainframe Service Tracker before 1.1.0 might allow remote attackers to execute arbitrary code via a crafted message.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Tibco | Hawk | <= 4.8.0 |
| Tibco | Iprocess Engine | 10.3.0 |
| Tibco | Mainframe Service Tracker | <= 1.0 |
| Tibco | Runtime Agent | <= 5.5.4 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/31618
- http://www.securityfocus.com/bid/30836
- http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt
- http://www.vupen.com/english/advisories/2008/2448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44604
- http://secunia.com/advisories/31618
- http://www.securityfocus.com/bid/30836
- http://www.tibco.com/resources/mk/hawk_security_advisory_20080729.txt
- http://www.vupen.com/english/advisories/2008/2448
- https://exchange.xforce.ibmcloud.com/vulnerabilities/44604
FAQ
What is CVE-2008-3338?
CVE-2008-3338 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple buffer overflows in TIBCO Hawk (1) AMI C library (libtibhawkami) and (2) Hawk HMA (tibhawkhma), as used in TIBCO Hawk before 4.8.1; Runtime Agent (TRA) before 5.6.0; iProcess Engine 10.3.0 th...
How severe is CVE-2008-3338?
CVE-2008-3338 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-3338?
Check the references section above for vendor advisories and patch information. Affected products include: Tibco Hawk, Tibco Iprocess Engine, Tibco Mainframe Service Tracker, Tibco Runtime Agent.