TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Download NoticeCVE-2015-0204 - aka FREAK
03 March 2015
Status
TIBCO is currently assessing the impact of this vulnerability to our products. This vulnerability is limited in scope to OpenSSL-encrypted systems. As more information becomes available, it will be published via Late Breaking News (LBNs) on TIBCO Support Central (support.tibco.com). Due to the nature of this vulnerability, some issues may be mitigated by default and others may be mitigated via configuration as per CVE-2015-0204. TIBCO is currently investigating which issues are mitigated by default, which can be mitigated by configuration and which, if any, require new software releases.
Product(s) Affected
TIBCO Software Inc. has determined that the following products are affected:
- TIBCO Enterprise Message Service™ (EMS) - easily configured, consult the documentation on the attribute "ssl_server_ciphers"
- TIBCO Enterprise Message Service™ Appliance and High Performance Edition Appliance - Same as the software version, easily configured.
- TIBCO Rendezvous® (RV) - TBD - not vulnerable from RV Client to RV Daemon
- TIBCO LogLogic® Log Management Intelligence - TBD - some interfaces are configurable
- TIBCO LogLogic® Enterprise Virtual Appliance - TBD - some interfaces are configurable
Notes
Please check for Late Breaking News on TIBCO Support Central.