TIBCO is currently assessing the impact of this vulnerability to our products. This vulnerability is limited in scope to OpenSSL-encrypted systems. As more information becomes available, it will be published via Late Breaking News (LBNs) on TIBCO Support Central (support.tibco.com). Due to the nature of this vulnerability, some issues may be mitigated by default and others may be mitigated via configuration as per CVE-2015-0204. TIBCO is currently investigating which issues are mitigated by default, which can be mitigated by configuration and which, if any, require new software releases.
TIBCO Software Inc. has determined that the following products are affected:
- TIBCO Enterprise Message Service™ (EMS) - easily configured, consult the documentation on the attribute "ssl_server_ciphers"
- TIBCO Enterprise Message Service™ Appliance and High Performance Edition Appliance - Same as the software version, easily configured.
- TIBCO Rendezvous® (RV) - TBD - not vulnerable from RV Client to RV Daemon
- TIBCO LogLogic® Log Management Intelligence - TBD - some interfaces are configurable
- TIBCO LogLogic® Enterprise Virtual Appliance - TBD - some interfaces are configurable
Please check for Late Breaking News on TIBCO Support Central.