The TIBCO Security team is aware of the recently announced Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities, referred to as speculative execution side-channel attacks. Performing these attacks requires running carefully crafted native code. These vulnerabilities theoretically enable a non-privileged operating system level account to extract information from all other processes running on the machine.
TIBCO’s Security Team is actively monitoring the information coming out about the Meltdown and Spectre Security Vulnerabilities and our Product Security Incident Response Team (PSIRT) is actively evaluating how these vulnerabilities may affect TIBCO products and cloud services.
We will provide updates as more information becomes available and as TIBCO determines whether any of its products or services are affected. This information will include which TIBCO products and services are affected and how customers and users of those products and services can best mitigate or protect themselves from being exploited by these vulnerabilities.
For more information on the vulnerabilities themselves please see the following references:
TIBCO recommends checking the following references for specific vendor guidance on updating your operating systems and browsers to address Meltdown and Spectre: