Introducing the all-new TIBCO Community site!

For current users, please click "Sign In" to reset your password and access the enhanced features. If you're a first-time visitor, we extend a warm welcome—click "Sign Up" to become a part of the TIBCO Community!

If you're seeking alternative community sites, explore ibi, Jaspersoft, and Spotfire.

Jump to content
  • Apache Log4J Vulnerability Update


    admin

    TIBCO continues to work on investigating and identifying mitigations for the series of Apache Log4J related vulnerabilities - CVE-2021-44228 (referred to as the “Log4Shell” vulnerability), CVE-2021-45046, CVE-2021-44832, and CVE-2021-45105. The table below contains the current status of these efforts. TIBCO continues to make the investigation and remediation of this vulnerability its top priority.

    TIBCO is aware of CVE-2021-4104 and this issue was investigated as part of our response to CVE-2021-44228. It is addressed by Note 1 below.

    TIBCO products or services are not impacted by CVE-2019-17571, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.

    TIBCO products not listed in the sections below are still under active investigation and information about them will be posted in upcoming updates.

    TIBCO is monitoring and working with OEM third-party vendors on this issue and we will provide additional information as it becomes available on the effect of those vendor’s offerings on TIBCO products.

    TIBCO will publish short-term remediation guidance as it becomes available. TIBCO will follow up this guidance with, if appropriate, a hotfix and ultimately an official release to address this vulnerability.

    Here is the current status as of the publication time of this update.

     

    Log4J CVE Status for TIBCO Products

    (applies to versions that are currently in Standard Support)

    New Products or status change not in previous updates are indicated by the product name in BOLD

    Mitigations, Hotfixes and Service Packs are hotlinked in the product name.

    Legend

    ✅ - Unaffected or remediate

    🔍 - Under Investigation

     

    TIBCO Product

    CVE-2021-44228

    CVE-2021-45046

    CVE-2021-45105

    CVE-2021-44832

    TIBCO® distribution of Apache Pulsar version 2.7.4

    Apply Mitigation

    🔍

    🔍

    TIBCO® distribution of Apache Pulsar version 2.8.2

    Apply Mitigation

    🔍

    🔍

    TIBCO® distribution of Apache Pulsar version 2.9.1

    Apply Mitigation

    🔍

    🔍

    TIBCO ActiveMatrix® Service Grid Platform

    See Note 1

    See Note 1

    See Note 1

    TIBCO ActiveSpaces® version 2.x

    See Note 1

    See Note 1

    See Note 1

    TIBCO ActiveSpaces® version 4.x

    TIBCO Apache Kafka® Distribution

    TIBCO® API Exchange Gateway

    TIBCO® API Exchange Manager

    TIBCO® AuditSafe version 1.1 

    TIBCO® BPM Enterprise 4.3.x product line (formerly known as TIBCO® ActiveMatrix BPM)

    See Note 1

    See Note 1

    See Note 1

    TIBCO® BPM Enterprise version 5.2.1 and above

    TIBCO BusinessConnect™

    TIBCO BusinessConnect™ Container Edition version 1.1

    TIBCO BusinessConnect™ Trading Community Management

    TIBCO BusinessEvents® versions 5.x and below

    TIBCO BusinessEvents® Enterprise Edition versions 6.0.0 thru 6.2.0

    Apply Mitigation

    See Note 2

    See Note 2

    See Note 2

    TIBCO BusinessEvents® Extreme

    TIBCO BusinessWorks™ 5.14 (TRA 5.11.x and TIBCO Administrator™ 5.11.x) and prior versions

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO BusinessWorks™ 5 version 5.15 (TRA 5.12 and TIBCO Administrator™ 5.12), TIBCO ActiveMatrix® Adapter for Database 7.3, TIBCO ActiveMatrix® Adapter for Files for Unix/Win 7.1, and TIBCO ActiveMatrix® Adapter for SAP 7.3

    Apply Hotfix

    Apply Hotfix

    TIBCO BusinessWorks™ 5 adapters and plugins ecosystem

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO BusinessWorks™ 6

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO BusinessWorks™ 6 plugins ecosystem

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO BusinessWorks™ Container Edition

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO BusinessWorks™ Container Edition plugins ecosystem

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO® Clarity – Cloud Edition

    TIBCO Cloud™

           

        TIBCO Cloud™ API Management

        TIBCO Cloud™ AuditSafe

        TIBCO Cloud™ Data Streams

        TIBCO Cloud™ Events

        TIBCO Cloud™ Integration

        TIBCO Cloud™ Live Apps

        TIBCO Cloud™ Messaging

        TIBCO Cloud™ Metadata

        TIBCO Cloud™ Nimbus®

        TIBCO Cloud™ Spotfire®

    TIBCO Cloud™ MDM

    TIBCO Cloud™ API Management - Local Edition

    TIBCO DataSynapse GridServer®

    TIBCO DataSynapse™ High-Performance Computing Cloud Adapter

    TIBCO® Data Migrator versions 8204 and below

    TIBCO® Data Migrator Cloud

    TIBCO® Data Science for TIBCO Spotfire® Analyst Version

    TIBCO® Data Science Team Studio

    TIBCO® Data Virtualization version 8.4.0 and below

    See Note 1

    See Note 1

    See Note 1

    See Note 1

    TIBCO® Data Virtualization version 8.5.0

    Apply Service Pack

    Apply Service Pack

    Apply Service Pack

    Apply Service Pack

    TIBCO EBX® versions 5.8.x thru 6.x

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    See Notes 1 and 2

    TIBCO EBX® Addons 3.12.0 thru 5.2.0

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO EBX® Container Edition version 6.0.3

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO® Enterprise Administrator (TEA)

    TIBCO Enterprise Message Service™

    TIBCO Enterprise Message Service™ Appliance (EMSA)

    TIBCO FOCUS®

    TIBCO Flogo® Enterprise and all connectors

    TIBCO Foresight® Archive and Retrieval System Standard and Healthcare Editions versions 5.0.0 thru 5.3.0

    TIBCO Foresight® BI Bridge® - BAM Extract

    Apply Hotfix

    Apply Hotfix

    TIBCO Foresight® Instream (Healthcare and Standard Editions) versions 8.8.0 thru 9.2.0

    Apply Hotfix

    Apply Hotfix

    TIBCO Foresight® Operation Monitor Standard and Healthcare Editions versions 5.0.0 thru 5.3.0

    TIBCO Foresight® Transaction Insight Standard and Healthcare Editions versions 5.0.0 thru 5.3.0

    TIBCO Foresight® Translator (Healthcare and Standard Editions) versions 3.8.0 thru 4.1.0

    Apply Hotfix

    Apply Hotfix

    TIBCO FTL® and eFTL

    TIBCO® Fulfillment Catalog Software versions 3.0.0 thru 4.1.0

    TIBCO® Fulfillment Order Management 4.0.2

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO® Fulfillment Provisioning

    See Note 1

    See Note 1 

    See Note 1

    See Note 1

    TIBCO® Fulfillment Subscriber Inventory

    See Note 1

    See Note 1 

    See Note 1

    See Note 1

    TIBCO® GeoAnalytics

    TIBCO® Graph Database

    TIBCO Hawk® version 6.2.1 and below

    TIBCO iProcess® version 11.7.0 and below

    TIBCO iProcess® Engine (Oracle, SQL, DB2) 11.8.x, TIBCO iProcess® Workspace (Windows, Browser, Plug-ins ) 11.8.x, TIBCO iProcess® Technology Plug-ins 11.8.x , TIBCO iProcess® Web Services (Server Plug-in, Client Plug-in) 11.8.x

    Apply Service Pack or Mitigation

    Apply Service Pack or Mitigation

     

    TIBCO iWay® Service Manager

    TIBCO iWay® Service Manager Cloud

    TIBCO Jaspersoft® ETL 7.3.1

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO Jaspersoft® ETL Administration Center 7.3.1

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO JasperReports® Library

    TIBCO JasperReports® Server 7.5.1, 7.8.0, 7.9.0, and 8.0.0

    Apply Hotfix

    Apply Hotfix

    TIBCO LABS™ Project Discover

    TIBCO Loglogic® Log Management Intelligence and Enterprise Virtual Appliance versions 6.3.0 and below

    TIBCO Loglogic® Log Management Intelligence and Enterprise Virtual Appliance version 6.3.1

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO LogLogic® Universal Collector

    TIBCO® Managed File Transfer Command Center and TIBCO® Managed File Transfer Internet Server

    Note: No TIBCO® Managed File Transfer Platform Server utilizes Apache Log4J, and none are vulnerable to this issue. Specifically the following Platform Servers:

    • TIBCO® Managed File Transfer Platform Server for Windows
    • TIBCO® Managed File Transfer Platform Server for Unix
    • TIBCO® Managed File Transfer Platform Server for z/Linux
    • TIBCO® Managed File Transfer Platform Server for z/OS
    • TIBCO® Managed File Transfer Platform Server for IBMi

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO® Messaging - Eclipse Mosquito Distribution

    TIBCO® MDM version 9.3.0 and below

    TIBCO® MDM Studio

    TIBCO® ModelOps

    TIBCO Nimbus®

    TIBCO Nimbus® Service

    TIBCO® Offer and Price Engine version 5.0.0

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO Omni-Gen®, TIBCO Omni-Gen® MDM, TIBCO Omni-HealthData®, TIBCO Omni-Insurance™ versions 3.16 and higher

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO Omni-Gen® Cloud

    TIBCO Omni-Gen® MDM Cloud

    TIBCO Omni-HealthData® Cloud

    TIBCO® OpenSpirit

    TIBCO® Operational Intelligence Agent

    TIBCO® Order Management

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    Apply Mitigation

    TIBCO® Order Management - Long Running 5.0.0

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO PartnerExpress™

    TIBCO® Patterns - Search version 5.5.0 and below

    TIBCO® Patterns - Search version 5.6.0 thru 5.7.0

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    Apply Hotfix

    TIBCO® Product and Service Catalog

    TIBCO Rendezvous® version 8.5.1 and above

    TIBCO Scribe® Insight

    TIBCO Scribe® Online

    TIBCO Silver® Fabric

    TIBCO Spotfire® Analyst

    TIBCO Spotfire® Automation Services

    TIBCO Spotfire® Business Author

    TIBCO Spotfire® Cloud Enterprise

    TIBCO Spotfire® Consumer

    TIBCO Spotfire® Data Streams

    TIBCO Spotfire® Desktop

    TIBCO Spotfire® Qualification

    TIBCO Spotfire® Server, TIBCO Spotfire® Statistics Services, TIBCO Spotfire® Service for Python, TIBCO® Enterprise Runtime for R - Server Edition

    Apply Service Pack or Mitigation

    Apply Service Pack or Mitigation

    Apply Service Pack or Mitigation

    Apply Service Pack or Mitigation

    TIBCO Statistica®

    TIBCO Statistica® Service for Spotfire® Server versions 13.6, 14.0, and V140HFS02-Spotfire

    Apply Hotfix or Mitigation

    Apply Hotfix or Mitigation

    Apply Hotfix or Mitigation

    Apply Hotfix or Mitigation

    TIBCO® Streaming

    See Note 2

    See Note 2

    See Note 2

    TIBCO WebFOCUS® Legacy Releases

    TIBCO WebFOCUS® App Studio

    TIBCO WebFOCUS® Cloud

    TIBCO WebFOCUS®, TIBCO WebFOCUS® Reporting Server, and TIBCO Data Migrator 8207.27.0 to 8207.28.05 Hotfixes

    Apply Hotfix

    Apply Hotfix

    tibbr®

     

    Notes:

    1. If a customer has implemented the JMSAppender class for plugins they have written they should check to make sure they don’t expose this vulnerability. For more details see: https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
    2. If a customer has developed their own java code or installed 3rd party libraries they should check to make sure they don't expose this vulnerability. This applies to BW5, BW6, BWCE, and the plugin ecosystems.


×
×
  • Create New...