TIBCO Rendezvous Security Advisory FAQ

Why are these advisories being issued?

 Security vulnerabilities have been discovered in versions of TIBCO Rendezvous® 7.5.0 and earlier.

Which customers are affected?

The vulnerability potentially affects any customer running Rendezvous® 7.5.0 or earlier. This includes customers who have installed Rendezvous directly, as well as those who have installed it as part of TIBCO Hawk® or TIBCO Runtime Agent™.

What Rendezvous components are affected?

 The following Rendezvous daemons are affected: RVSD, RVRD, RVSRD, RVCACHE and RVA.

Is RVD affected?

 No.

What is the effect of the vulnerability?

The vulnerability could allow an attacker to execute arbitrary code on an affected system. For details, please see the Rendezvous Security Advisory.

How should customers currently on maintenance handle this issue?

Affected customers with current maintenance agreements should upgrade to the latest version of Rendezvous (v7.5.1 or later), available from your TIBCO download site.

Do I need to upgrade all the RVRD/RVSRD/RVSD/RVCACHE/RVA daemons?

TIBCO strongly recommends that all instances of these daemons be replaced.

Do I need to re-link applications that use the RV libraries?

No.

What if I cannot upgrade Rendezvous at this time?

If you are not able to upgrade the Rendezvous daemons at this time, actions can be taken to mitigate the vulnerability. For details on these actions, please see the Rendezvous Security Advisory.

Does this issue affect TIBCO Enterprise Messaging Service™?

No, Enterprise Messaging Service™ is not affected.

What other products are affected?

TIBCO Hawk and TIBCO Runtime Agent each bundles Rendezvous as part of the install process. When purchasing Hawk® or a TIBCO product that includes Runtime Agent® (e.g., TIBCO BusinessWorks™), customers typically only utilize the unaffected RVD within these packages. Customers who have purchased additional Rendezvous licenses that provide access to the affected daemons should upgrade their Rendezvous installation.

Please see Hawk Security Advisory FAQ and the TRA Security Advisory FAQ for information on these products.

Does this mean that I have to upgrade Runtime Agent and Hawk?

You do not need to upgrade Runtime Agent.  An updated version of Rendezvous may be layered on an existing deployment without installing a new version of Runtime Agent.  If Hawk is installed, stand-alone or as part of Runtime Agent, you should install a new version of Hawk. See the Hawk Security Advisory FAQ for more detail.

What if I do not have a current maintenance contract?

The vulnerability can be mitigated without a software upgrade by taking the remedial configuration actions detailed in the Rendezvous Security Advisory.

How will customers who receive TIBCO software via OEM partners be affected?

Customers of OEM partners can receive new versions of TIBCO Hawk from their OEM partner. Please contact your OEM partner to upgrade.

What is TIBCO doing to prevent future security issues?

TIBCO takes security very seriously. We perform rigorous testing for every product release, as well as code audits, structured walkthroughs and peer reviews. TIBCO has identified security vulnerabilities in products during internal testing and reviews and corrected them prior to release. TIBCO constantly evaluates and augments its security measures and will continue to do so.

Where can I get more information?

If you have a current maintenance contract with TIBCO, you can log a service request with TIBCO Global Support and then call your support telephone number.

###

The information on this page is being provided to you on an "AS IS" and "AS-AVAILABLE" basis. The issues described on this page may or may not impact your system(s). TIBCO makes no representations, warranties, or guarantees as to the information contained herein. ANY AND ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, INCLUDING, BUT NOT LIMITED TO, IMPLIED WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR A PARTICULAR PURPOSE ARE HEREBY DISCLAIMED. BY ACCESSING THIS DOCUMENT YOU ACKNOWLEDGE THAT TIBCO SHALL IN NO EVENT BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, PUNITIVE, OR CONSEQUENTIAL DAMAGES THAT ARISE OUT OF YOUR USE OR FAILURE TO USE THE INFORMATION CONTAINED HEREIN. The information on this page is being provided to you under the terms of your license and/or services agreement with TIBCO, and may be used only for the purposes contemplated by the agreement. If you do not have such an agreement with TIBCO, this information is provided under the TIBCO.com Terms of Use, and may be used only for the purposes contemplated by such Terms of Use.