TIBCO has investigated and identified applicable mitigation measures recommended by microprocessor and operating system vendors (“the Vendors”) for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) microprocessor vulnerabilities. The table below contains the current status of the Vendor-recommended mitigations for TIBCO offerings.
| TIBCO Offering | Mitigation status |
|---|---|
| Virtual Machine images | |
|
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS |
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS 2.3.3 and TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL) 2.3.3 are now available on AWS Marketplace. These releases use CentOS 7 x86_64 AMI version 1801_1 with kernel version 3.10.0-693.11.6.el7.x86_64, as recommended by a RedHat Security Advisory https://access.redhat.com/errata/RHSA-2018:0007 |
|
TIBCO Clarity |
An update of TIBCO Clarity with appropriate Vendor-recommended mitigation updates is now available as on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version. |
|
TIBCO Jaspersoft for AWS with Multi-Tenancy |
An update for this virtual image with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version. |
|
TIBCO Jaspersoft Reporting and Analytics for AWS (Hourly) |
An update for these virtual images with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version. |
|
TIBCO LogLogic Enterprise Virtual Appliance Software |
TIBCO continues to monitor recommendations of its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL. |
|
TIBCO Mashery Local |
TIBCO Mashery Local 4.3.0, which is now available, includes CentOS 2.6.32-696.18.7.el6.x86_64. This is the version of CentOS announced by a Redhat Security Advisory to address Meltdown/Spectre: https://access.redhat.com/errata/RHSA-2018:0008 |
|
TIBCO Spotfire® Analytics Platform for AWS Marketplace |
An update for this virtual image with appropriate Vendor-recommended mitigation updates is available on AWS Marketplace. |
| Hardware appliances | |
|
TIBCO FTL® Message Switch |
A software and/or firmware update for the TIBCO FTL® Message Switch appliance with appropriate Vendor-recommended mitigation updates is scheduled to be available by April 30, 2018 on the TIBCO eDelivery site. |
|
TIBCO LogLogic® Log Management Intelligence (LMI) |
TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. Please see https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL. |
| TIBCO-hosted services | |
|
TIBCO Mashery |
Mashery® has been updated to include appropriate patches recommended by the Vendors to mitigate these vulnerabilities in externally accessible systems. |
|
TIBCO® Reward |
TIBCO is currently testing appropriate Vendor-recommended mitigation updates for TIBCO Reward. Following completion of testing, TIBCO will contact customers to schedule upgrades to TIBCO Reward. |
|
All other hosted services |
TIBCO hosted services other than TIBCO Mashery and TIBCO Reward, have been upgraded to include appropriate Vendor-recommended mitigation updates. |
