Security Advisories for TIBCO Products

September 3, 2014
TIBCO Spotfire® Server

We would like to call your attention to a security advisory for,

  • TIBCO Spotfire® Server 3.3 and earlier
  • TIBCO Spotfire Server 4.5.0 and 4.5.1
  • TIBCO Spotfire Server 5.0.0, 5.0.1, and 5.0.2
  • TIBCO Spotfire Server 5.5.0 and 5.5.1
  • TIBCO Spotfire Server 6.0.0, 6.0.1, and 6.0.2
  • TIBCO Spotfire Server 6.5.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Spotfire Server 4.5.2
  • TIBCO Spotfire Server 5.0.3
  • TIBCO Spotfire Server 5.5.2
  • TIBCO Spotfire Server 6.0.3
  • TIBCO Spotfire Server 6.5.1

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the  Security Advisories for TIBCO Products web page.

April 29, 2014
TIBCO® Managed File Transfer Internet Server
TIBCO® Managed File Transfer Command Center
TIBCO® Slingshot
TIBCO® Vault

We would like to call your attention to a security advisory for,

  • TIBCO® Managed File Transfer Internet Server 7.2.1 and earlier
  • TIBCO® Managed File Transfer Command Center 7.2.1 and earlier
  • TIBCO® Slingshot 1.9.0 and earlier
  • TIBCO® Vault 1.0.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Managed File Transfer Internet Server 7.2.2
  • TIBCO Managed File Transfer Command Center 7.2.2
  • TIBCO Slingshot 1.9.1
  • TIBCO Vault 1.0.1

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the Security Advisories for TIBCO Products web page.

April 9, 2014
TIBCO Spotfire® Server
TIBCO Spotfire® Professional
TIBCO Spotfire® Web Player
TIBCO Spotfire® Automation Services
TIBCO Spotfire® Deployment Kit
TIBCO Spotfire® Desktop
TIBCO Spotfire® Analyst

We would like to call your attention to a security advisory for,

  • TIBCO Spotfire® Server 3.3.3 and below, 4.5.0, 5.0.0, 5.0.1, 5.5.0, 6.0.0 and 6.0.1
  • TIBCO Spotfire® Professional 4.0.3 and below, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.5.0, and 6.0.0
  • TIBCO Spotfire® Web Player 4.0.3 and below, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.5.0, and 6.0.0
  • TIBCO Spotfire® Automation Services 4.0.3 and below, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.5.0 and 6.0.0
  • TIBCO Spotfire® Deployment Kit 4.0.3 and below, 4.5.0, 4.5.1, 5.0.0, 5.0.1, 5.5.0 and 6.0.0
  • TIBCO Spotfire® Desktop 6.0.0 and below
  • TIBCO Spotfire® Analyst 6.0.0 and below

Note that these products are also bundled for download with additional TIBCO products. A list of such products and a copy of the advisory can be found on the Security Advisories for TIBCO Products web page and in the FAQs linked from this page.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Spotfire Server 3.3.4, 4.5.1, 5.0.2, 5.5.1 and 6.0.2
  • TIBCO Spotfire Professional 4.0.4, 4.5.2, 5.0.2, 5.5.1 and 6.0.1
  • TIBCO Spotfire Web Player 4.0.4, 4.5.2, 5.0.2, 5.5.1 and 6.0.1
  • TIBCO Spotfire Automation Services 4.0.4, 4.5.2, 5.0.2, 5.5.1 and 6.0.1
  • TIBCO Spotfire Deployment Kit 4.0.4, 4.5.2, 5.0.2, 5.5.1 and 6.0.1
  • TIBCO Spotfire Desktop 6.0.1
  • TIBCO Spotfire Analyst 6.0.1

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the Security Advisories for TIBCO Products web page.

April 8, 2014
TIBCO Rendezvous®
TIBCO Messaging Appliance™
TIBCO Substation ES™

We would like to call your attention to a security advisory for,

  • TIBCO Rendezvous® 8.4.1 and below
  • TIBCO Messaging Appliance™ 8.7.0 and below
  • TIBCO Substation ES™ 2.8.0 and below

Note that TIBCO Rendezvous is bundled for download with additional TIBCO products. A list of such products and a copy of the advisory can be found on the Security Advisories for TIBCO Products web page.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Rendezvous 8.4.2
  • TIBCO Messaging Appliance 8.7.1
  • TIBCO Substation ES 2.8.1

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the Security Advisories for TIBCO Products web page.

February 26, 2014
TIBCO® Enterprise Administrator 1.0.0
TIBCO® Enterprise Administrator SDK 1.0.0

We would like to call your attention to a security advisory for,

  • TIBCO® Enterprise Administrator 1.0.0
  • TIBCO® Enterprise Administrator SDK 1.0.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions and security packs:

  • TIBCO® Enterprise Administrator 1.1.0
  • TIBCO® Enterprise Administrator SDK 1.1.0

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product or apply the relevant security pack.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the Security Advisories for TIBCO Products web page.

September 25, 2013
TIBCO ActiveMatrix BusinessWorks™ Service Engine
TIBCO ActiveMatrix BusinessWorks™ Service Engine
Distribution for TIBCO Silver® Fabric
TIBCO ActiveMatrix® Policy Director
TIBCO ActiveMatrix® Service Bus
TIBCO ActiveMatrix® Service Grid
TIBCO ActiveMatrix® Service Grid Distribution for TIBCO
Silver® Fabric

We would like to call your attention to a security advisory for,

  • TIBCO ActiveMatrix BusinessWorks™ Service Engine version 5.10.0
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine Distribution for TIBCO Silver® Fabric version 5.10.0
  • TIBCO ActiveMatrix® Policy Director versions 1.0.0 and 1.0.1
  • TIBCO ActiveMatrix® Service Bus version 3.2.0
  • TIBCO ActiveMatrix® Service Grid versions 3.2.0 and 3.2.1
  • TIBCO ActiveMatrix® Service Grid Distribution for TIBCO Silver® Fabric version 3.2.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions and security packs:

  • TIBCO ActiveMatrix BusinessWorks Service Engine version 5.10.0-SECR-001
  • TIBCO ActiveMatrix BusinessWorks Service Engine Distribution for TIBCO Silver Fabric version 5.10.0-SECR-001
  • TIBCO ActiveMatrix Policy Director versions 1.0.1-SECR-001
  • TIBCO ActiveMatrix Service Bus version 3.3.0
  • TIBCO ActiveMatrix Service Grid version 3.3.0
  • TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric version 3.2.0-SECR-001

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product or apply the relevant security pack.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

For more detailed information, including how to access the updated maintenance release, installation instructions, frequently asked questions, and contact information through which additional questions can be answered, please visit the Security Advisories for TIBCO Products web page.

May 8, 2013
TIBCO Silver® Mobile

We would like to call your attention to a security advisory for,

  • TIBCO Silver® Mobile 1.1.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product version:

  • TIBCO Silver® Mobile 1.1.1

To secure deployments of this product, it is recommended that customers upgrade to the latest version of the affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

March 13, 2013
TIBCO Spotfire® Statistics Services
TIBCO Spotfire® Web Player

We would like to call your attention to a security advisory for,

  • TIBCO Spotfire® Statistics Services 3.3.0, 4.5.0, 5.0.0
  • TIBCO Spotfire® Web Player versions below 3.3.3, 4.0.x below 4.0.3, 4.5.0, 5.0.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Spotfire Statistics Services 3.3.1
  • TIBCO Spotfire Statistics Services 4.5.1
  • TIBCO Spotfire Statistics Services 5.0.1
  • TIBCO Spotfire Web Player 3.3.3
  • TIBCO Spotfire Web Player 4.0.3
  • TIBCO Spotfire Web Player 4.5.1
  • TIBCO Spotfire Web Player 5.0.1

To secure deployments of this product, it is recommended that customers upgrade to the latest version of the affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

October 23, 2012
TIBCO Formvine®

We would like to call your attention to a security advisory for,

  • TIBCO Formvine 3.1.0 to 3.2.0

Please be assured that we have taken proactive steps to address these issues, including the release of a new product version:

  • TIBCO Formvine 3.2.1

To secure deployments of this product, it is recommended that customers upgrade to the latest version of the affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

March 8, 2012
TIBCO ActiveMatrix® BPM, TIBCO ActiveMatrix
BusinessWorks™, TIBCO ActiveMatrix BusinessWorks™
Service Engine, TIBCO ActiveMatrix BusinessWorks®
Distribution for TIBCO Silver® Fabric, TIBCO ActiveMatrix®
Service Bus, TIBCO ActiveMatrix® Service Grid, TIBCO
ActiveMatrix® Service Grid Distribution for TIBCO Silver®
Fabric, TIBCO BusinessEvents® Enterprise Edition, TIBCO
BusinessEvents® Express, TIBCO BusinessEvents® Inference
Edition, TIBCO BusinessEvents® Standard Edition, TIBCO
Spotfire® Analytics Server, TIBCO Spotfire® Server, TIBCO
Spotfire® Web Player, TIBCO Spotfire® Automation
Services, TIBCO Spotfire® Professional

We would like to call your attention to a security advisory for,

  • TIBCO ActiveMatrix BPM below 1.3.0
  • TIBCO ActiveMatrix BusinessWorks below 5.9.3
  • TIBCO ActiveMatrix BusinessWorks Service Engine below 5.8.2
  • TIBCO ActiveMatrix BusinessWorks Service Engine version 5.9.X below 5.9.3
  • TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric 5.9.2
  • TIBCO ActiveMatrix Service Bus version 2.X below 2.3.2
  • TIBCO ActiveMatrix Service Bus version 3.X below 3.1.5
  • TIBCO ActiveMatrix Service Grid version 2.X below 2.3.2
  • TIBCO ActiveMatrix Service Grid version 3.X below 3.1.5
  • TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric 3.1.3
  • TIBCO BusinessEvents Enterprise Edition version 3.X below 3.0.3
  • TIBCO BusinessEvents Inference Edition version 3.X below 3.0.3
  • TIBCO BusinessEvents Standard Edition version 4.X below 4.0.2
  • TIBCO BusinessEvents Standard Edition version 5.0.0
  • TIBCO BusinessEvents Express version 5.0.0
  • TIBCO Spotfire Analytics Server below 10.1.2
  • TIBCO Spotfire Server below 3.1.3
  • TIBCO Spotfire Server 3.2.X versions below 3.2.2
  • TIBCO Spotfire Server 3.3.X versions below 3.3.3
  • TIBCO Spotfire Web Player below 3.1.1
  • TIBCO Spotfire Web Player 3.2.X versions below 3.2.2
  • TIBCO Spotfire Web Player 3.3.X versions below 3.3.2
  • TIBCO Spotfire Web Player 4.0.X versions below 4.0.2
  • TIBCO Spotfire Automation Services below 3.1.1
  • TIBCO Spotfire Automation Services 3.2.X versions below 3.2.2
  • TIBCO Spotfire Automation Services 3.3.X versions below 3.3.2
  • TIBCO Spotfire Automation Services 4.0.X versions below 4.0.2
  • TIBCO Spotfire Professional below 3.1.1
  • TIBCO Spotfire Professional 3.2.x versions below 3.2.2
  • TIBCO Spotfire Professional 3.3.x versions below 3.3.2
  • TIBCO Spotfire Professional 4.0.x versions below 4.0.2

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO ActiveMatrix BPM 1.3.0
  • TIBCO ActiveMatrix BusinessWorks 5.9.3
  • TIBCO ActiveMatrix BusinessWorks Service Engine 5.8.2
  • TIBCO ActiveMatrix BusinessWorks Service Engine 5.9.3
  • TIBCO ActiveMatrix BusinessWorks Distribution for TIBCO Silver Fabric 5.9.3
  • TIBCO ActiveMatrix Service Bus 2.3.2
  • TIBCO ActiveMatrix Service Bus 3.1.5
  • TIBCO ActiveMatrix Service Grid 2.3.2
  • TIBCO ActiveMatrix Service Grid 3.1.5
  • TIBCO ActiveMatrix Service Grid Distribution for TIBCO Silver Fabric 3.1.5
  • TIBCO BusinessEvents Enterprise Edition 3.0.3
  • TIBCO BusinessEvents Inference Edition 3.0.3
  • TIBCO BusinessEvents Standard Edition 4.0.2
  • TIBCO BusinessEvents Standard Edition 5.0.1
  • TIBCO BusinessEvents Express 5.0.1
  • TIBCO Spotfire Analytics Server 10.1.2
  • TIBCO Spotfire Server 3.1.3
  • TIBCO Spotfire Server 3.2.2
  • TIBCO Spotfire Server 3.3.3
  • TIBCO Spotfire Web Player 3.1.1
  • TIBCO Spotfire Web Player 3.2.2
  • TIBCO Spotfire Web Player 3.3.2
  • TIBCO Spotfire Web Player 4.0.2
  • TIBCO Spotfire Automation Services 3.1.1
  • TIBCO Spotfire Automation Services 3.2.2
  • TIBCO Spotfire Automation Services 3.3.2
  • TIBCO Spotfire Automation Services 4.0.2
  • TIBCO Spotfire Professional 3.1.1
  • TIBCO Spotfire Professional 3.2.2
  • TIBCO Spotfire Professional 3.3.2
  • TIBCO Spotfire Professional 4.0.2

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

September 13, 2011
TIBCO® Managed File Transfer Internet Server, TIBCO®
Managed File Transfer Command Center, TIBCO® Slingshot

We would like to call your attention to a security advisory for,

  • TIBCO® Managed File Transfer Internet Server 7.1.0 and earlier
  • TIBCO® Managed File Transfer Command Center 7.1.0 and earlier
  • TIBCO® Slingshot 1.8.0 and earlier

as well as this product release, which includes an affected version of TIBCO Managed File Transfer Internet Server as a component,

  • TIBCO® Managed File Transfer Internet Server with RocketStream® Accelerator 7.1.0

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Managed File Transfer Internet Server 7.1.1
  • TIBCO Managed File Transfer Command Center 7.1.1
  • TIBCO Slingshot 1.8.1

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product. If an upgrade is not possible, customers may mitigate the vulnerabilities by utilizing a firewall to restrict access to the TIBCO Managed File Transfer and TIBCO Slingshot servers.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

August 31, 2011
TIBCO Spotfire® Analytics Server, TIBCO Spotfire® Server

We would like to call your attention to a security advisory for,

  • TIBCO Spotfire® Analytics Server versions below 10.1.1,
  • TIBCO Spotfire® Server versions 3.0.0, 3.0.1, 3.1.0, 3.1.1, 3.2.0, 3.3.0,

as well as these product releases, which include TIBCO Spotfire Server as a separately downloadable component,

  • TIBCO DataSynapse™ Analytics 1.0.0, 2.0.0.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Spotfire Analytics Server version 10.1.1, and
  • TIBCO Spotfire Server versions 3.0.2, 3.1.2, 3.2.1, 3.3.1.

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product. If an upgrade is not possible, customers may mitigate the vulnerabilities by utilizing a firewall to restrict access to the TIBCO Spotfire server.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

May 18, 2011
TIBCO iProcess

We would like to call your attention to a security advisory for:

  • TIBCO iProcess™ Engine versions below 11.1.3
  • TIBCO iProcess™ Workspace (Browser) versions below 11.3.1

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO iProcess Engine 11.1.3
  • TIBCO iProcess Workspace (Browser) 11.3.1

Note that iProcess Workspace (Browser) 11.3.1 is delivered as a bundled component of:

  • TIBCO iProcess™ Workspace 11.1.3
  • TIBCO iProcess™ Developer 11.1.3

To secure deployments of these products, it is recommended that customers upgrade to the latest version of each affected product. If an upgrade is not possible, customers may mitigate the vulnerabilities by utilizing a firewall to restrict access to the TIBCO iProcess components.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

March 15, 2011
tibbr®, tibbr® Service

We would like to call your attention to a security advisory for:

  • tibbr® versions 1.0.0 through 1.5.0
  • tibbr® Service versions 1.0.0 through 1.5.0

To secure these versions of tibbr, customers should upgrade to the latest version of each affected product. Upgrades to hosted tibbr Service products will be made by your provider.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • tibbr 2.0.0
  • tibbr Service 2.0.0

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment or hosted service channel(s).

February 1, 2011
TIBCO Rendezvous®, TIBCO Enterprise Message Service™,
TIBCO Runtime Agent™, TIBCO Silver™ BPM Service, TIBCO
Silver™ CAP Service, TIBCO Silver BusinessWorks™ Service

We would like to call your attention to a security advisory for:

  • TIBCO Rendezvous® versions 8.2.1 through 8.3.0
  • TIBCO Enterprise Message Service™ versions 5.1.0 through 6.0.0
  • TIBCO Runtime Agent™ versions 5.6.2 through 5.7.0
  • TIBCO Silver™ BPM Service versions below 1.0.4
  • TIBCO Silver™ CAP Service versions below 1.0.2
  • TIBCO Silver BusinessWorks™ Service version 1.0.0

Note that TIBCO Rendezvous, TIBCO Enterprise Message Service and TIBCO Runtime Agent are bundled for download with additional TIBCO products. A list of such products and a copy of the advisory can be found here.

To secure deployments of these products, customers should upgrade to the latest version of each affected product.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions:

  • TIBCO Rendezvous 8.3.1
  • TIBCO Enterprise Message Service 6.0.1
  • TIBCO Runtime Agent 5.7.1
  • TIBCO Silver BPM Service 1.0.4
  • TIBCO Silver CAP Service 1.0.2
  • TIBCO Silver BusinessWorks Service 1.0.1

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

January 5, 2011
TIBCO Collaborative Information Manager™, TIBCO®
ActiveCatalog

We would like to call your attention to a security advisory for:

  • TIBCO Collaborative Information Manager™
  • TIBCO® ActiveCatalog

Copies of the official security advisory, describing vulnerabilities in the named products, can be found here. To secure deployments of these products, customers should upgrade to the latest version of each product.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions: TIBCO Collaborative Information Manager version 8.1.0 and TIBCO ActiveCatalog version 1.0.1.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

December 14, 2010
TIBCO ActiveMatrix® Service Bus, TIBCO ActiveMatrix®
Service Grid, TIBCO ActiveMatrix BusinessWorks™ Service
Engine, TIBCO ActiveMatrix® BPM, TIBCO Silver™ CAP
Service, TIBCO Silver™ BPM Service

We would like to call your attention to security advisory for:

  • TIBCO ActiveMatrix® Service Bus
  • TIBCO ActiveMatrix® Service Grid
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine
  • TIBCO ActiveMatrix® BPM
  • TIBCO Silver™ CAP Service
  • TIBCO Silver™ BPM Service

Copies of the official security advisory, describing vulnerabilities in the named products, can be found here. To secure deployments of these products, customers should upgrade to the latest version of each product and recreate their ActiveMatrix environment.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions: TIBCO ActiveMatrix® Service Bus 3.0.2, TIBCO ActiveMatrix® Service Grid 3.0.2 and 3.1.1, TIBCO ActiveMatrix BusinessWorks™ Service Engine 5.9.1, TIBCO ActiveMatrix® BPM 1.0.3, TIBCO Silver CAP Service 1.0.1 and TIBCO Silver BPM Service 1.0.3.

TIBCO customers and OEM partners with current maintenance contracts for these products can obtain the latest releases through their standard TIBCO fulfillment channel.

October 19, 2010
TIBCO ActiveMatrix® Service Bus, TIBCO ActiveMatrix®
Service Grid, TIBCO ActiveMatrix BusinessWorks™ Service
Engine, TIBCO ActiveMatrix® Service Performance Manager

We would like to call your attention to security advisory for:

  • TIBCO ActiveMatrix® Service Bus
  • TIBCO ActiveMatrix® Service Grid
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine
  • TIBCO ActiveMatrix® Service Performance Manager

The advisory describes vulnerabilities in the named products' JMX ports. To secure new and existing deployments, customers should upgrade to the latest version of each product.

Please be assured that we have taken proactive steps to address these issues, including the release of new product versions: TIBCO ActiveMatrix Service Bus 2.3.1, TIBCO ActiveMatrix Service Grid 2.3.1, TIBCO ActiveMatrix BusinessWorks™ Service Engine 5.8.1, and TIBCO ActiveMatrix Service Performance Manager 1.3.2. Note that BusinessWorks Service Engine 5.8.1 is delivered as an updated component of TIBCO ActiveMatrix™ BusinessWorks 5.8.0.

TIBCO customers and OEM partners with current maintenance contracts can obtain the latest releases through their standard TIBCO fulfillment channel.

February 23, 2010
TIBCO Administrator™

We would like to call your attention to a security advisory for:

  • TIBCO Administrator™

TIBCO Administrator is bundled for download with multiple TIBCO products. These products are listed in the FAQ at http://www.tibco.com/services/support/advisories/adminstrator-advisory_20100223.jsp. The advisory describes vulnerabilities in products that rely upon TIBCO Administrator for domain administrator credentials. To secure new and existing domain deployments, customers must upgrade to the latest version (v5.6.1) of TIBCO Administrator.

Please be assured that we have taken proactive steps to address these issues, including the release of a new version of TIBCO Administrator (5.6.1). We have updated the soft links of dependent products, such as TIBCO ActiveMatrix BusinessWorks™, to provide access to the updated version of TIBCO Administrator.

TIBCO customers and OEM partners with current maintenance contracts can obtain the latest release of TIBCO Administrator through their standard TIBCO fulfillment channel.

January 13, 2010
TIBCO Runtime Agent™

We would like to call your attention to a security advisory for:

  • TIBCO Runtime Agent™

TIBCO Runtime Agent is bundled for download with additional TIBCO products.

The advisory describes vulnerabilities in products that rely upon TIBCO Runtime Agent for domain administrator credentials. To secure new domain deployments, customers should upgrade to the latest version of TIBCO Runtime Agent. To secure existing domain deployments, customers should follow the method provided in the new version’s release notes.

Please be assured that we have taken proactive steps to address these issues, including the release of a new version of TIBCO Runtime Agent (5.6.2). We have updated the soft links of dependent products, such as TIBCO ActiveMatrix BusinessWorks™, to provide access to the updated version of TIBCO Runtime Agent.

TIBCO customers and OEM partners with current maintenance contracts can obtain the latest release of TIBCO Runtime Agent through their standard TIBCO fulfillment channel. TIBCO recommends upgrading to the latest version of TIBCO Runtime Agent before any new domain deployments are made, and using the method provided in the release notes for securing existing deployments.

April 28, 2009
TIBCO SmartSockets, TIBCO SmartSockets (VMS), TIBCO
SmartSockets Product Family Modules (formerly RTworks),
and TIBCO Enterprise Message Service

We would like to call your attention to security advisories for:

  • TIBCO SmartSockets®
  • TIBCO SmartSockets® (VMS)
  • TIBCO SmartSockets® Product Family Modules (formerly RTworks)
  • TIBCO Enterprise Message Service™

View copies of the advisories and detailed FAQs.

The SmartSockets® client library is dynamically loaded by several SmartSockets Product Family Modules and SmartSockets and add-on products, such as TIBCO SmartSockets® Cache and TIBCO SmartSockets® RTarchive.

TIBCO Enterprise Message Service is delivered as a standalone offering, as a hard-bundled component of TIBCO iProcess Engine™ and as a soft-bundled component of several TIBCO ActiveMatrix™ products.

Please note that Enterprise Message Service™, iProcess Engine™ and ActiveMatrix™ installations are only impacted if they have proactively enabled the Enterprise Message Service server's internal SmartSockets support. By default, SmartSockets support is disabled. Customers who have enabled Enterprise Message Service's SmartSockets support can secure their implementations by upgrading their Enterprise Message Service servers, or by disabling SmartSockets support.

To fully secure SmartSockets and SmartSockets Product Family Modules (RTworks) implementations, customers will need to upgrade both their server components and C client libraries to the newly released versions. Please see the FAQ linked at the bottom of this notice for details on specific upgrade steps.

New Versions of SmartSockets, SmartSockets Product Family Modules/RTworks, and Enterprise Message Service Available

Please be assured that we have taken proactive steps to address these issues, including the release of new versions of SmartSockets (6.8.2), SmartSockets Product Family Modules/RTworks (4.0.5) and Enterprise Message Service (5.1.2) that eliminate the vulnerabilities. We have rebundled iProcess (11.0.2), and the latest versions of the ActiveMatrix products with the updated version of Enterprise Message Service. TIBCO customers and OEM partners with current maintenance contracts can obtain the latest releases of these products through their standard TIBCO fulfillment channel. TIBCO recommends upgrading to the latest versions of these products as quickly as possible.

July 29, 2008
TIBCO Hawk, TIBCO Runtime Agent, TIBCO iProcess Engine,
and TIBCO Mainframe Service Tracker

We would like to call your attention to a security advisory for TIBCO Hawk®. TIBCO Hawk is delivered as both a standalone offering and a component of:

  • TIBCO Runtime Agent™
  • TIBCO iProcess™ Engine
  • TIBCO Mainframe Service Tracker™

TIBCO Runtime Agent is bundled for download with additional TIBCO products that are listed in a FAQ that is available with copies of the advisories. These advisories describe vulnerabilities that have been discovered in the Hawk® tibhawkhma executable and the Hawk AMI C client library.

These vulnerabilities impact TIBCO products that bundle the tibhawkhma executable, or include the Hawk AMI C client library. To fully secure current Hawk implementations, customers will need to upgrade to the latest version of Hawk, and upgrade to the latest version of products with built-in dependencies on the affected Hawk components. Customers may need to re-link or restart any of their own applications that utilize the Hawk AMI C client.

New Versions of Hawk, Runtime Agent, iProcess Engine, and Mainframe Service Tracker Available

Please be assured that we have taken proactive steps to address these issues, including the release of new versions of Hawk (4.8.1), Runtime Agent (5.6.0), iProcess Engine 10.6.3 and 11.0.1) and Mainframe Service Tracker (1.1.0). We have updated the soft links of dependent products such as ActiveMatrix BusinessWorks™ to provide access to the updated version of Runtime Agent. TIBCO customers and OEM partners with current maintenance contracts can obtain the latest releases of these products from their standard TIBCO fulfillment channel. TIBCO recommends upgrading to the latest versions of these products as quickly as possible.

April 9, 2008
TIBCO Rendezvous and TIBCO Enterprise Message Service
Security Advisories

We would like to call your attention to security advisories for TIBCO Enterprise Message Service™ and TIBCO Rendezvous®. Both products are delivered as standalone offerings, and included or bundled with:

  • TIBCO Rendezvous® TX
  • TIBCO Rendezvous® DataSecurity
  • TIBCO Hawk®
  • TIBCO Runtime Agent™
  • TIBCO Adapter™ for Files z/OS
  • TIBCO Substation ES™
  • TIBCO iProcess™ Engine
  • TIBCO ActiveMatrix BusinessWorks™ Service Engine
    • Bundled for download with ActiveMatrix BusinessWorks™
  • TIBCO ActiveMatrix™ Service Grid
  • TIBCO ActiveMatrix™ Service Bus

These advisories describe vulnerabilities that have been discovered in Rendezvous® (including Rendezvous® OS390 and Rendezvous® Server In-Process Module Add-on) clients and daemons, and Enterprise Message Service™ servers.

These vulnerabilities impact TIBCO products that link with the Rendezvous client libraries, or bundle the Rendezvous daemons, Rendezvous client libraries, or Enterprise Message Service servers. To fully secure current Rendezvous and Enterprise Message Service implementations, customers will need to upgrade to the latest versions of these products, and upgrade to the latest version of products with built-in dependencies on either Rendezvous or Enterprise Message Service.

New Versions of Rendezvous and Enterprise Message Service Available

Please be assured that we have taken proactive steps to address these issues, including the release of new versions of Rendezvous (8.1.0), Enterprise Message Service (4.4.3), and any products with built-in dependencies. We have updated the soft links of dependent products such as ActiveMatrix BusinessWorks™ to provide the necessary updates to Rendezvous and/or Enterprise Message Service. TIBCO customers and OEM partners with current maintenance contracts can obtain the latest releases of these products from their standard TIBCO fulfillment channel. TIBCO recommends upgrading to the latest versions of these products as quickly as possible.

January 15, 2008
TIBCO SmartSockets, TIBCO SmartSockets Product Family
Modules (RTworks), and TIBCO Enterprise Message Service
Security Advisories

Security advisories for TIBCO SmartSockets®, TIBCO SmartSockets® Product Family Modules (formerly RTworks), and TIBCO Enterprise Message Service™ have been coordinated with an independent advisory distribution from iDefense Labs. These advisories describe vulnerabilities that have been discovered in TIBCO SmartSockets, TIBCO SmartSockets Product Family Modules, and related TIBCO products that use or can potentially leverage TIBCO SmartSockets client libraries.

These issues may impact customers who utilize SmartSockets® or SmartSockets® Product Family Modules directly, as well as those who utilize SmartSockets client libraries in products such as TIBCO Enterprise Message Service, TIBCO ActiveMatrix™ Service Grid, TIBCO ActiveMatrix™ Service Bus, and TIBCO ActiveMatrix BusinessWorks™ via the SmartSockets bridge in the Enterprise Message Service™ server. Guidelines for determining whether your TIBCO software installation is affected can be found at the FAQ pages listed above.

New Versions of SmartSockets, SmartSockets Product Family Modules, and Enterprise Message Service Now Available

Please be assured that we have taken proactive steps to address these issues, including the release of new versions of SmartSockets (v6.8.1), SmartSockets Product Family Modules, formerly RTworks (v4.0.4) and Enterprise Message Service (v4.4.2) that eliminate the vulnerabilities. Further, Enterprise Message Service has been updated to version 4.4.2 in the product bundles for TIBCO ActiveMatrix Service Grid 2.0.0, TIBCO ActiveMatrix Service Bus 2.0.0, and TIBCO ActiveMatrix BusinessWorks 5.6.0. TIBCO customers with current maintenance contracts can obtain the latest releases of these products from their standard TIBCO download site. TIBCO recommends that customers upgrade to the latest versions of these products as quickly as possible.

June 5, 2006
TIBCO Rendezvous and TIBCO Hawk Support Products

We would like to call your attention to security advisories for TIBCO Rendezvous® and TIBCO Hawk®, which have been sent to the CERT Coordination Center for distribution. These advisories describe vulnerabilities that have been discovered in TIBCO Rendezvous and TIBCO Hawk. The affected components are RVSD, RVRD, RVSRD, RVA, RVCACHE and TIBHAWKHMA. The basic RVD is not affected.

These issues may impact customers who utilize Rendezvous® or Hawk® directly, as well as those who utilize Rendezvous in support of products such as TIBCO BusinessWorks™, TIBCO BusinessConnect™, TIBCO BusinessEvents™, and TIBCO PortalBuilder® via the TIBCO Runtime Agent™. Guidelines for determining whether your TIBCO software installation is affected can be found at the FAQ pages listed above.

New Versions of Rendezvous, Hawk, and Runtime Agent™ Available

Please be assured that we have taken proactive steps to address these issues, including the release of new versions of Rendezvous (v7.5.1), Hawk (v4.6.1) and Runtime Agent (v5.4.0) that eliminate the vulnerabilities. TIBCO customers with current maintenance contracts can obtain the latest releases of these products from their standard TIBCO download site. TIBCO recommends that customers upgrade to the latest versions of these products as quickly as possible.

Regarding Existing Installations

For those unable to upgrade at this time, the web links below provide remedial administrative actions that can be taken to mitigate the impact on existing installations. Many customers will find that their TIBCO software installations do not include the affected components, or that mitigating administrative actions have already been implemented as part of standard operating procedures.

For More Information

For more detailed information, including how to access TIBCO Software maintenance downloads, installation instructions, remedial actions for existing installations, frequently asked questions, and contact information through which additional questions can be answered, please view the appropriate Advisory FAQ has listed above.

###

The information on this page is being provided to you on an "AS IS" and "AS-AVAILABLE" basis. The issues described on this page may or may not impact your system(s). TIBCO makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT TIBCO SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. The information on this page is being provided to you under the terms of your license and/or services agreement with TIBCO, and may be used only for the purposes contemplated by the agreement. If you do not have such an agreement with TIBCO, this information is provided under the TIBCO.com Terms of Use, and may be used only for the purposes contemplated by such Terms of Use.

SEPTEMBER 3, 2014 - RESOLUTION

FAQ /
Advisory

TIBCO Spotfire® Server

APRIL 29, 2014 - RESOLUTION

FAQ /
Advisory

TIBCO® Managed File Transfer Internet Server, TIBCO® Managed File Transfer Command Center, TIBCO® Slingshot, TIBCO® Vault

APRIL 9, 2014 - RESOLUTION

FAQ /
Spotfire Advisory

TIBCO Spotfire® Server, TIBCO Spotfire® Professional, TIBCO Spotfire® Web Player, TIBCO Spotfire® Automation Services, TIBCO Spotfire® Deployment Kit, TIBCO Spotfire® Desktop, TIBCO Spotfire® Analyst

April 8, 2014 - Resolution

FAQ /
Rendezvous Advisory

TIBCO Rendezvous®, TIBCO Messaging Appliance™, TIBCO Substation ES™

February 26, 2014 - Resolution

FAQ /
Enterprise Administrator Advisory

TIBCO® Enterprise Administrator, TIBCO® Enterprise Administrator SDK

September 25, 2013 - Resolution

FAQ /
Active Matrix 3 Advisory

TIBCO ActiveMatrix BusinessWorks™ Service Engine, TIBCO ActiveMatrix BusinessWorks™ Service Engine, Distribution for TIBCO Silver® Fabric, TIBCO ActiveMatrix® Policy Director, IBCO ActiveMatrix® Service Bus, TIBCO ActiveMatrix® Service Grid, TIBCO ActiveMatrix® Service Grid Distribution for TIBCO, Silver® Fabric

May 8, 2013 - Resolution

FAQ /
Silver Mobile Advisory

TIBCO Silver® Mobile

March 13, 2013 - Resolution

FAQ /
Spotfire Statistics Services Advisory

Spotfire Web Player Advisory

TIBCO Spotfire® Statistics Services, TIBCO Spotfire® Web Player