  • Spring Framework Vulnerability Update


    admin

    TIBCO is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963, CVE-2022-22965), with one of them being referred to as “Spring4Shell”. These vulnerabilities potentially enable an attacker to execute arbitrary code by taking advantage of poor data bindings and/or malicious expression language statements. 

    TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965. 

    TIBCO is assessing the risk of CVE-2022-22968 and will respond as appropriate. At this time, we believe this is a low risk. 

    TIBCO is actively monitoring the still-evolving situation and updates regarding the Java Spring Framework, and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.

    We will provide updates as more information becomes available and we complete our investigation. This information will include which TIBCO products and services are affected and how customers and users of those products and services can best mitigate or protect themselves from being exploited by this vulnerability.

    For more information on the vulnerability, please see the following references:

     

    For Active Security Vulnerabilities we will post daily updates by 5:00 PM PT

     

    Spring Framework Status for TIBCO Products

    (applies to versions that are currently in Standard Support)

    New products or status changes not in previous updates are indicated by the product name in BOLD.

    Short Term Mitigations and Service Packs are hotlinked in the product name.

    Legend

    ✅ - Unaffected

    🛠️ - Remediated through Service Pack or Short Term Mitigation

    🔍 - Under Investigation

     

    TIBCO Product

    CVE-2022-22950

    CVE-2022-22963

    CVE-2022-22965

    TIBCO® distribution of Apache Kafka - All Versions

    TIBCO® distribution of Apache Pulsar - All Versions

    TIBCO ActiveMatrix® Adapter Framework - All Versions

    TIBCO ActiveMatrix® Service Grid Platform version 3.4.0 and below

    TIBCO ActiveMatrix BusinessWorks™ version 6.6.x and below

    TIBCO ActiveMatrix BusinessWorks™ version 6.7.0 and above

    🛠️

    🛠️ 

    TIBCO ActiveSpaces® - All Versions

    TIBCO® Adapter Migration - All Versions

    TIBCO® Adapter SDK - All Versions

    TIBCO Administrator version 5.11.3 and below

    TIBCO Administrator version 5.12.0 and above

    🔍

    🔍 

    TIBCO® API Exchange Gateway - All Versions

    TIBCO® AuditSafe version 1.1.1 and below

    TIBCO® BPM Enterprise version 5.2.2 and below

    TIBCO BusinessConnect™ and its plugins version 7.3 and below

    TIBCO BusinessConnect™ Container Edition version 1.2 and below

    TIBCO BusinessEvents® version 6.2.1 and below

    🛠️

    🛠️ 

    TIBCO BusinessWorks™ Container Edition version 2.7.1 and below

    🛠️

    🛠️ 

    TIBCO BusinessWorks™ version 5.15.0 and above

    🔍

    🔍 

    TIBCO BusinessWorks™ version 5.14.0 and below

    TIBCO BusinessWorks™ 5 adapters and plugins ecosystem

    TIBCO BusinessWorks™ 6 adapters and plugins ecosystem

    TIBCO BusinessWorks™ Container Edition plugins ecosystem

    TIBCO® Clarity version 3.2.1 and below

    TIBCO® Clarity – Cloud Edition version 3.1.0 and below

    TIBCO Cloud 

        TIBCO Cloud™ Compute

        TIBCO Cloud™ Data Streams

        TIBCO Cloud™ Events

        TIBCO Cloud™ Integration - Connect (Scribe)

        TIBCO Cloud™ Integration - Develop (Flogo) 

        TIBCO Cloud™ Integration - Integrate (BusinessWorks)

        TIBCO Cloud™ Messaging

        TIBCO Cloud™ Spotfire

        TIBCO Cloud™ Live Apps

        TIBCO Cloud™ Nimbus®

    TIBCO Cloud™ API Management - Local Edition version 5.5.1 and below

    TIBCO Cloud™ API Management - SaaS Edition - All Versions

    TIBCO DataSynapse GridServer® - All Versions

    TIBCO DataSynapse™ High-Performance Computing Cloud Adapter - All Versions

    TIBCO® Data Migrator - All Versions

    TIBCO® Data Science version 1.2.1 and below

    TIBCO® Data Science for TIBCO Spotfire® Analyst 14.0.0 and below

    TIBCO® Data Science Service for TIBCO Spotfire® 14.0.2 and above

    TIBCO® Data Science Team Studio version 6.6 and below

    TIBCO® Data Virtualization version 8.5.2 and below

    TIBCO EBX® version 6.0.5 and below

    TIBCO EBX® Addons version 4.5.10 and above

    TIBCO EBX® Addons version 5.3.2 and above

    TIBCO® Enterprise Administrator version 2.4.1 and below

    🛠️

    🛠️ 

    TIBCO Enterprise Message Service™ - All Versions

    TIBCO® Enterprise Runtime for R - Server Edition versions 1.3.7, 1.7.5, 1.11.1

    🛠️

    🛠️ 

    TIBCO Flogo® Connectors - All Versions

    TIBCO FOCUS® - All Versions

    TIBCO Foresight® Archive and Retrieval System - All Versions

    TIBCO Foresight® Connect with FHIR version 1.0.1 and above

    TIBCO Foresight® EDISIM - All Versions

    TIBCO Foresight® EDISIM HIPAA Validator Desktop - All Versions

    TIBCO Foresight® Operational Monitor - All Versions

    TIBCO Foresight® Transaction Insight® - All Versions

    TIBCO Foresight® Translator Attachment Adapter - All Versions

    TIBCO Foresight® Translator - Healthcare and Standard Editions - All Versions

    TIBCO eFTL™ - All Versions

    TIBCO FTL® - All Versions

    TIBCO Fulfillment® Order Management version 4.0.2 and below

    TIBCO® Fulfillment Subscriber Inventory version 2.0 and below

    TIBCO® Graph Database version 3.1.0 and below

    TIBCO Hawk® version 5.2.0 and below

    TIBCO Hawk® version 6.2.0 and above

    🔍

    🔍 

    TIBCO iProcess® Engine (Oracle, SQL, and DB2) - All Versions

    TIBCO iProcess® Technology plug-ins - All Versions

    TIBCO iProcess® Workspace (Windows, Browser, and plug-ins)  - All Versions 

    TIBCO iWay® Service Manager version 8.0.5 and above

    TIBCO® Inform Cloud version 8.5.0 and below

    TIBCO JasperReports® IO (Professional and At-Scale offerings) version 3.0.x and below

    🛠️

    🛠️ 

    TIBCO JasperReports® Library (Professional and Community offerings) version 8.0.x and below

    TIBCO JasperReports® Server (Professional and Community offerings) version 8.0.x and below

    TIBCO JasperReports® Server for AWS version 8.0.x and below

    🛠️

    🛠️ 

    TIBCO JasperReports® Server for Azure version 8.0.x and below

    🛠️

    🛠️ 

    TIBCO Jaspersoft® Studio (Professional and Community offerings) version 8.0.x and below

    🛠️

    🛠️ 

    TIBCO LogLogic® Enterprise Virtual Appliance version 6.3.0 and below

    TIBCO LogLogic® Enterprise Virtual Appliance version 6.3.1 and above

    🔍

    🔍 

    TIBCO LogLogic® Log Management Intelligence version 6.3.0 and below

    TIBCO LogLogic® Log Management Intelligence version 6.3.1

    🛠️

    🛠️ 

    TIBCO LogLogic® Log Management Intelligence version 6.4.0 and above

    🛠️

    🛠️ 

    TIBCO LogLogic® Log Source Packages - All Versions

    TIBCO LogLogic® Universal Collector Software version 2.8.0 and above 

    TIBCO® Managed File Transfer Command Center version 8.4 and below

    🛠️

    🛠️ 

    TIBCO® Managed File Transfer Internet Server version 8.4 and below

    🛠️

    🛠️ 

    TIBCO® Managed File Transfer Platform Server for UNIX/zLinux - All Versions

    TIBCO® Managed File Transfer Platform Server for Windows - All Versions

    TIBCO® Managed File Transfer Platform Server for z/OS - All Versions

    TIBCO® MDM version 9.3.0 and below

    TIBCO® Messaging - Eclipse Mosquitto Distribution - All Versions

    TIBCO® Messaging Manager - All Versions

    TIBCO® Messaging Monitor - All Versions

    TIBCO® Metadata Agent version 3.0.3 and below

    🔍

    🔍 

    TIBCO® ModelOps version 1.1 and below

    TIBCO Nimbus® version 10.5.0 and below

    TIBCO Nimbus® Service version 10.5.0 and below

    TIBCO® Offer and Price Engine version 5.1.0 and below

    🔍

    🔍 

    🔍 

    TIBCO Omni-Gen® version 3.1.6 through 4.1.1

    TIBCO® OpenSpirit versions 4.3 and below

    TIBCO® Operational Intelligence Agent version 3.0.0 and above

    🔍

    🔍 

    TIBCO® Operational Intelligence Hawk® RedTail version 7.0.0 and above

    🔍

    🔍 

    TIBCO® Order Management version 5.1.0 and below

    🔍

    🔍 

    🔍 

    TIBCO® Order Management - LR version 5.0.1 and below

    🔍

    🔍 

    TIBCO® Patterns version 5.6 and below

    🛠️

    🛠️ 

    TIBCO® Product & Catalog version 4.1.0 and below

    TIBCO Rendezvous® - All Versions

    TIBCO® Reward version 22.2 and below

    TIBCO Runtime Agent™ version 5.11.3 and below

    TIBCO Runtime Agent™ version 5.12.1 and above

    🔍

    🔍 

    TIBCO Scribe® Insight version 7.9.5

    TIBCO Silver® Fabric - All Versions

    TIBCO Spotfire® for Amazon Web Services version 11.8.1

    TIBCO Spotfire® Analyst - All Versions

    TIBCO Spotfire® Automation Services - All Versions

    TIBCO Spotfire® Business Author - All Versions

    TIBCO Spotfire® Cloud Enterprise - All Versions

    🛠️

    🛠️ 

    TIBCO Spotfire® Consumer - All Versions

    TIBCO Spotfire® Desktop - All Versions

    TIBCO Spotfire® Qualification - All Versions

    TIBCO Spotfire® Server versions 10.10.11, 11.4.6, and 11.8.1

    🛠️

    🛠️ 

    TIBCO Spotfire® Service for Python versions 1.0.7, 1.3.5, and 1.11.1

    🛠️

    🛠️ 

    TIBCO Spotfire® Statistics Services version 10.10.9, 11.4.6, and 11.8.1 

    🛠️

    🛠️ 

    TIBCO Statistica® version 14.0 and below

    TIBCO® Streaming version 10.6.2 and below

    TIBCO WebFOCUS® Client versions 8207.28.0 and 9.0.0

    TIBCO WebFOCUS® Reporting Server - All Versions

    WebFOCUS®, iWay® Service Manager, and Omni-Gen® -  Legacy Versions

     


