TIBCO continues to work on investigating and identifying mitigations for the series of Apache Log4J related vulnerabilities - CVE-2021-44228 (referred to as the “Log4Shell” vulnerability), CVE-2021-45046, CVE-2021-44832, and CVE-2021-45105. The table below contains the current status of these efforts. TIBCO continues to make the investigation and remediation of this vulnerability its top priority.
TIBCO is aware of CVE-2021-4104 and this issue was investigated as part of our response to CVE-2021-44228. It is addressed by Note 1 below.
TIBCO products or services are not impacted by CVE-2019-17571, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307.
TIBCO products not listed in the sections below are still under active investigation and information about them will be posted in upcoming updates.
TIBCO is monitoring and working with OEM third-party vendors on this issue and we will provide additional information as it becomes available on the effect of those vendor’s offerings on TIBCO products.
TIBCO will publish short-term remediation guidance as it becomes available. TIBCO will follow up this guidance with, if appropriate, a hotfix and ultimately an official release to address this vulnerability.
Here is the current status as of the publication time of this update.
Log4J CVE Status for TIBCO Products
(applies to versions that are currently in Standard Support)
New Products or status change not in previous updates are indicated by the product name in BOLD
Mitigations, Hotfixes and Service Packs are hotlinked in the product name.
Legend
✅ - Unaffected or remediate
🔍 - Under Investigation
|
TIBCO Product |
||||
|
✅ Apply Mitigation |
🔍 |
🔍 |
✅ |
|
|
✅ Apply Mitigation |
🔍 |
🔍 |
✅ |
|
|
✅ Apply Mitigation |
🔍 |
🔍 |
✅ |
|
|
TIBCO ActiveMatrix® Service Grid Platform |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ |
|
TIBCO ActiveSpaces® version 2.x |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ |
|
TIBCO ActiveSpaces® version 4.x |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Apache Kafka® Distribution |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® API Exchange Gateway |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® API Exchange Manager |
✅ |
✅ |
✅ |
✅ |
|
✅ |
✅ |
✅ |
✅ |
|
|
TIBCO® BPM Enterprise 4.3.x product line (formerly known as TIBCO® ActiveMatrix BPM) |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ |
|
TIBCO® BPM Enterprise version 5.2.1 and above |
✅ |
✅ |
✅ |
✅ |
|
TIBCO BusinessConnect™ |
✅ |
✅ |
✅ |
✅ |
|
✅ |
✅ |
✅ |
✅ |
|
|
TIBCO BusinessConnect™ Trading Community Management |
✅ |
✅ |
✅ |
✅ |
|
TIBCO BusinessEvents® versions 5.x and below |
✅ |
✅ |
✅ |
✅ |
|
TIBCO BusinessEvents® Enterprise Edition versions 6.0.0 thru 6.2.0 |
✅ Apply Mitigation |
✅ See Note 2 |
✅ See Note 2 |
✅ See Note 2 |
|
TIBCO BusinessEvents® Extreme |
✅ |
✅ |
✅ |
✅ |
|
TIBCO BusinessWorks™ 5.14 (TRA 5.11.x and TIBCO Administrator™ 5.11.x) and prior versions |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
|
TIBCO BusinessWorks™ 5 adapters and plugins ecosystem |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
TIBCO BusinessWorks™ 6 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
TIBCO BusinessWorks™ 6 plugins ecosystem |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
TIBCO BusinessWorks™ Container Edition |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
TIBCO BusinessWorks™ Container Edition plugins ecosystem |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
TIBCO® Clarity – Cloud Edition |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ |
||||
|
TIBCO Cloud™ API Management |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ AuditSafe |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Data Streams |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Events |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Integration |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Live Apps |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Messaging |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Metadata |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Nimbus® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Spotfire® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ MDM |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ API Management - Local Edition |
✅ |
✅ |
✅ |
✅ |
|
TIBCO DataSynapse GridServer® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO DataSynapse™ High-Performance Computing Cloud Adapter |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Data Migrator versions 8204 and below |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Data Migrator Cloud |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Data Science for TIBCO Spotfire® Analyst Version |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Data Science Team Studio |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Data Virtualization version 8.4.0 and below |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
|
✅ Apply Service Pack |
✅ Apply Service Pack |
✅ Apply Service Pack |
✅ Apply Service Pack |
|
|
TIBCO EBX® versions 5.8.x thru 6.x |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
✅ See Notes 1 and 2 |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
|
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
|
|
TIBCO® Enterprise Administrator (TEA) |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Enterprise Message Service™ |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Enterprise Message Service™ Appliance (EMSA) |
✅ |
✅ |
✅ |
✅ |
|
TIBCO FOCUS® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Enterprise and all connectors |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Archive and Retrieval System Standard and Healthcare Editions versions 5.0.0 thru 5.3.0 |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
|
TIBCO Foresight® Instream (Healthcare and Standard Editions) versions 8.8.0 thru 9.2.0 |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
TIBCO Foresight® Operation Monitor Standard and Healthcare Editions versions 5.0.0 thru 5.3.0 |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Transaction Insight Standard and Healthcare Editions versions 5.0.0 thru 5.3.0 |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Translator (Healthcare and Standard Editions) versions 3.8.0 thru 4.1.0 |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
TIBCO FTL® and eFTL |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Fulfillment Catalog Software versions 3.0.0 thru 4.1.0 |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
|
|
TIBCO® Fulfillment Provisioning |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
|
TIBCO® Fulfillment Subscriber Inventory |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
✅ See Note 1 |
|
TIBCO® GeoAnalytics |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Graph Database |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Hawk® version 6.2.1 and below |
✅ |
✅ |
✅ |
✅ |
|
TIBCO iProcess® version 11.7.0 and below |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Service Pack or Mitigation |
✅ Apply Service Pack or Mitigation |
✅ |
✅
|
|
|
TIBCO iWay® Service Manager |
✅ |
✅ |
✅ |
✅ |
|
TIBCO iWay® Service Manager Cloud |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ |
|
|
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ |
|
|
TIBCO JasperReports® Library |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
|
TIBCO LABS™ Project Discover |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Loglogic® Log Management Intelligence and Enterprise Virtual Appliance versions 6.3.0 and below |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Loglogic® Log Management Intelligence and Enterprise Virtual Appliance version 6.3.1 |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
|
TIBCO LogLogic® Universal Collector |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Managed File Transfer Command Center and TIBCO® Managed File Transfer Internet Server Note: No TIBCO® Managed File Transfer Platform Server utilizes Apache Log4J, and none are vulnerable to this issue. Specifically the following Platform Servers:
|
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ |
|
TIBCO® Messaging - Eclipse Mosquito Distribution |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® MDM version 9.3.0 and below |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® MDM Studio |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® ModelOps |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Nimbus® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Nimbus® Service |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
|
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
|
|
TIBCO Omni-Gen® Cloud |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Omni-Gen® MDM Cloud |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Omni-HealthData® Cloud |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® OpenSpirit |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Operational Intelligence Agent |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
✅ Apply Mitigation |
|
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
|
|
TIBCO PartnerExpress™ |
✅ |
✅ |
✅ |
✅ |
|
TIBCO® Patterns - Search version 5.5.0 and below |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ Apply Hotfix |
|
|
TIBCO® Product and Service Catalog |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Rendezvous® version 8.5.1 and above |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Scribe® Insight |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Scribe® Online |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Silver® Fabric |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Analyst |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Automation Services |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Business Author |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Cloud Enterprise |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Consumer |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Data Streams |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Desktop |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Qualification |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Service Pack or Mitigation |
✅ Apply Service Pack or Mitigation |
✅ Apply Service Pack or Mitigation |
✅ Apply Service Pack or Mitigation |
|
|
TIBCO Statistica® |
✅ |
✅ |
✅ |
✅ |
|
TIBCO Statistica® Service for Spotfire® Server versions 13.6, 14.0, and V140HFS02-Spotfire |
✅ Apply Hotfix or Mitigation |
✅ Apply Hotfix or Mitigation |
✅ Apply Hotfix or Mitigation |
✅ Apply Hotfix or Mitigation |
|
TIBCO® Streaming |
✅ See Note 2 |
✅ See Note 2 |
✅ See Note 2 |
✅ |
|
✅ |
✅ |
✅ |
✅ |
|
|
TIBCO WebFOCUS® App Studio |
✅ |
✅ |
✅ |
✅ |
|
TIBCO WebFOCUS® Cloud |
✅ |
✅ |
✅ |
✅ |
|
✅ Apply Hotfix |
✅ Apply Hotfix |
✅ |
✅ |
|
|
tibbr® |
✅ |
✅ |
✅ |
✅ |
Notes:
- If a customer has implemented the JMSAppender class for plugins they have written they should check to make sure they don’t expose this vulnerability. For more details see: https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
- If a customer has developed their own java code or installed 3rd party libraries they should check to make sure they don't expose this vulnerability. This applies to BW5, BW6, BWCE, and the plugin ecosystems.
