TIBCO is aware of the recently announced Apache Commons Text vulnerabilities (CVE-2022-42889) which is being referred to as “Text4Shell”. This vulnerability potentially enables a malicious actor to execute arbitrary code by taking advantage of string interpolation.
TIBCO is also aware of CVE-2022-41852, and this issue is under investigation as part of our response to CVE-2022-42889.
TIBCO is assessing the risk of these vulnerabilities and will respond as appropriate.
TIBCO is actively monitoring the still evolving situation and updates with regards to Apache Commons and our Product Security Incident Response Team (PSIRT) is actively evaluating how these vulnerabilities may affect TIBCO products and cloud services.
Apache Commons & JXPath Status for TIBCO Products
(applies to versions that are currently in Standard Support)
The below products have been identified as potentially impacted. If a product is not on the list below, it is not impacted.
Short Term Mitigations and Service Packs are hotlinked in the product name.
Legend
✅ - Unaffected or Already Remediated
🛠️ - Remediated through Service Pack or Short Term Mitigation
🔍 - Under Investigation
TIBCO Product |
||
TIBCO ActiveMatrix® BPM |
✅ |
🔍 |
TIBCO ActiveMatrix® BPM Distribution for TIBCO Silver® Fabric |
✅ |
🔍 |
TIBCO ActiveMatrix BusinessWorks™ |
✅ |
🔍 |
TIBCO ActiveMatrix BusinessWorks™ Distribution for TIBCO Silver® Fabric |
✅ |
🔍 |
TIBCO ActiveMatrix BusinessWorks Plug-in for HL7 with FHIR |
🔍 |
✅ |
TIBCO ActiveMatrix® Service Grid |
✅ |
🔍 |
TIBCO ActiveMatrix® Service Grid Distribution for TIBCO Silver® Fabric |
✅ |
🔍 |
TIBCO® BPM Enterprise |
✅ |
🔍 |
TIBCO® BPM Enterprise Distribution for TIBCO Silver® Fabric |
✅ |
🔍 |
TIBCO Business Studio™ - BPM Edition version 5.1.0 and above |
✅ |
✅ |
TIBCO BusinessWorks™ Container Edition |
✅ |
🔍 |
TIBCO BusinessWorks™ Container Edition Buildpack for VMWare Tanzu |
✅ |
🔍 |
TIBCO Cloud™ Integration |
🔍 |
🔍 |
TIBCO Cloud™ Spotfire® |
✅ |
✅ |
TIBCO Cloud™ EBX® |
✅ |
✅ |
🛠️ |
✅ |
|
✅ |
✅ |
|
TIBCO DQ |
✅ |
✅ |
🛠️ |
✅ |
|
TIBCO EBX® Add-ons |
🛠️ |
✅ |
TIBCO EBX® Cloud Enterprise |
🔍 |
✅ |
TIBCO EBX® Cloud Enterprise - Record Add-on |
🔍 |
✅ |
TIBCO GatherSmart™ |
✅ |
🔍 |
✅ |
🛠️ |
|
✅ |
🛠️ |
|
TIBCO® Health Essentials Cloud |
🛠️ |
✅ |
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
TIBCO® Law Enforcement Foundation Cloud |
🔍 |
✅ |
TIBCO® Metadata - Agent |
🔍 |
✅ |
🛠️ |
🔍 |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
TIBCO® Order Management |
✅ |
🔍 |
TIBCO® Order Management - Long Running |
✅ |
🔍 |
TIBCO® Order Management - Low Latency |
✅ |
🔍 |
TIBCO® Patterns - Search version 5.7.0 and above |
✅ |
✅ |
TIBCO® Product and Service Catalog powered by TIBCO EBX |
🔍 |
✅ |
TIBCO Runtime Agent™ |
✅ |
🔍 |
TIBCO Silver® Fabric |
✅ |
🔍 |
🛠️ |
✅ |
|
TIBCO Spotfire® Cloud Enterprise |
🔍 |
✅ |
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |
|
🛠️ |
✅ |