TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
TIBCO Security Advisory: May 1, 2018 - TIBCO DataSynapse GridServer - 2017-5535
TIBCO DataSynapse GridServer improper use of encryption
Original release date: May 1, 2018
Last revised: --
Source: TIBCO Software Inc.
- TIBCO DataSynapse GridServer Manager versions 5.1.3 and below
- TIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1 and 6.0.2
- TIBCO DataSynapse GridServer Manager versions 6.1.0 and 6.1.1
- TIBCO DataSynapse GridServer Manager version 6.2.0
The following components are affected:
- GridServer Broker
- GridServer Driver
- GridServer Engine
The components listed above contain vulnerabilities related to both the improper use of encryption mechanisms and the use of weak ciphers. A malicious actor could theoretically compromise the traffic between any of the components.
A user with access to network traffic between the affected components could potentially examine that traffic, including passwords used to encrypt further communications.
CVSS v3 Base Score: 6.8 (CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N)
TIBCO has released updated versions of the affected components which address these issues.
For each affected system, update to the corresponding software versions:
- TIBCO DataSynapse GridServer Manager versions 5.1.3 and below: update to version 5.2.0 or higher
- TIBCO DataSynapse GridServer Manager versions 6.0.0, 6.0.1 and 6.0.2: update to version 6.3.0 or higher
- TIBCO DataSynapse GridServer Manager versions 6.1.0 and 6.1.1: update to version 6.3.0 or higher
- TIBCO DataSynapse GridServer Manager version 6.2.0: update to version 6.3.0 or higher
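
The version ranges above can be applied to an inventory mechanically. The following is an added example, not TIBCO code: the ranges and fix targets are copied from this advisory, while the function names, host names and sample inventory are constructed for illustration. Versions the advisory does not mention (for example 6.0.3) are reported as "not-listed" instead of being assumed safe or affected.

```python
# Added example: triage GridServer Manager versions against this advisory.
# Ranges and fix targets come from the advisory text; everything else
# (names, hosts, sample inventory) is constructed for illustration.

def parse(version):
    """'6.0.2' -> (6, 0, 2); rejects anything that is not dotted integers."""
    parts = version.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {version!r}")
    t = tuple(int(p) for p in parts)
    return t + (0,) * (3 - len(t))  # pad '6.2' to (6, 2, 0)

# Explicitly listed affected 6.x versions -> minimum fixed version.
LISTED = {
    (6, 0, 0): "6.3.0", (6, 0, 1): "6.3.0", (6, 0, 2): "6.3.0",
    (6, 1, 0): "6.3.0", (6, 1, 1): "6.3.0",
    (6, 2, 0): "6.3.0",
}

def triage(version):
    """Return (status, minimum fixed version or None) for one version string."""
    v = parse(version)
    if v <= (5, 1, 3):                      # "versions 5.1.3 and below"
        return ("affected", "5.2.0")
    if v in LISTED:
        return ("affected", LISTED[v])
    if (5, 2, 0) <= v < (6, 0, 0) or v >= (6, 3, 0):
        return ("fixed", None)              # at or above a stated fix version
    return ("not-listed", None)             # advisory is silent: confirm with the vendor

# Constructed sample inventory: host -> installed GridServer Manager version.
SAMPLE_INVENTORY = {
    "broker-01": "5.1.3",
    "engine-07": "6.0.3",
    "driver-02": "6.3.0",
    "engine-11": "6.1.1",
}

def upgrades_needed(inventory):
    """Map host -> target version for every host the advisory lists as affected."""
    out = {}
    for host, ver in inventory.items():
        status, target = triage(ver)
        if status == "affected":
            out[host] = target
    return out

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(host, ver, *triage(ver))
```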