Security at TIBCO

Security@TIBCO

TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.

Security at TIBCO

Public Notice

Download Notice

CVE-2015-0204 - aka FREAK

03 March 2015

Status

TIBCO is currently assessing the impact of this vulnerability to our products.  This vulnerability is limited in scope to OpenSSL-encrypted systems. As more information becomes available, it will be published via Late Breaking News (LBNs) on TIBCO Support Central (support.tibco.com).  Due to the nature of this vulnerability, some issues may be mitigated by default and others may be mitigated via configuration as per CVE-2015-0204.  TIBCO is currently investigating which issues are mitigated by default, which can be mitigated by configuration and which, if any, require new software releases.

Product(s) Affected

TIBCO Software Inc. has determined that the following products are affected:

  • TIBCO Enterprise Message Service™ (EMS) - easily configured, consult the documentation on the attribute "ssl_server_ciphers" 
  • TIBCO Enterprise Message Service™ Appliance and High Performance Edition Appliance - Same as the software version, easily configured.
  • TIBCO Rendezvous® (RV) - TBD - not vulnerable from RV Client to RV Daemon
  • TIBCO LogLogic® Log Management Intelligence  - TBD - some interfaces are configurable
  • TIBCO LogLogic® Enterprise Virtual Appliance - TBD - some interfaces are configurable

 

Notes

Please check for Late Breaking News on TIBCO Support Central.