TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: February 18, 2015 - TIBCO ActiveMatrix® Policy Manager
TIBCO ActiveMatrix® Policy Manager/Agent vulnerabilities
Original release date: February 18, 2015
Last revised: --
Source: TIBCO Software Inc.
The TIBCO ActiveMatrix® Policy components listed above contain a critical vulnerability which could allow privilege escalation.
TIBCO has released updated versions of the affected software products which address these issues. TIBCO strongly recommends sites running the affected components install the applicable update as described below.
- TIBCO ActiveMatrix Policy Agent 3.0.0, 3.1.0, 3.1.1
- TIBCO ActiveMatrix Policy Manager 3.0.0, 3.1.0, 3.1.1
- TIBCO ActiveMatrix Management Agent for WCF 1.0.0, 1.1.0, 1.2.0
- TIBCO ActiveMatrix Management Agent for WebSphere 1.0.0, 1.1.0, 1.2.0
The following components are affected:
- TIBCO ActiveMatrix Policy Manager Authentication Module
The impact of this vulnerability may include unprivileged information disclosure.
CVSS v2 Base Score: 3.5 (AV:N/AC:L/Au:N/C:P/I:P/A:N)
For each affected system, update to the corresponding software versions:
- TIBCO ActiveMatrix Policy Agent 3.1.2 or higher
- TIBCO ActiveMatrix Policy Manager 3.1.2 or higher
- TIBCO ActiveMatrix Management Agent for WCF 1.2.1 or higher
- TIBCO ActiveMatrix Management Agent for WebSphere 1.2.1 or higher