TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Meltdown and Spectre Vulnerability Update
31 January 2018
TIBCO has investigated and identified mitigations for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) vulnerabilities. The table below contains the current status of the remediations for TIBCO offerings that were affected by the Meltdown and Spectre vulnerabilities and not addressed in previous updates.
| TIBCO Offering | Mitigation status |
|---|---|
| Virtual Machine images | |
|
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS |
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS and TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL) 2.3.3 will be available on the AWS Marketplace by February 28, 2018. This release will use CentOS 7 x86_64 AMI version 1801_1 with kernel version 3.10.0-693.11.6.el7.x86_64 as per RedHat Security Advisory https://access.redhat.com/errata/RHSA-2018:0007 |
|
TIBCO Clarity |
An update for TIBCO Clarity AMI has been available as of January 29, 2018 on the AWS Marketplace. TIBCO encourages its users to ensure they are using this latest version. |
|
TIBCO Jaspersoft for AWS with Multi-Tenancy |
An update for this virtual image will be available by February, 28 2018 on AWS Marketplace. |
|
TIBCO Jaspersoft Reporting and Analytics for AWS (Hourly) |
An update for these virtual images will be available by February, 28 2018 on AWS Marketplace. |
|
TIBCO LogLogic Enterprise Virtual Appliance Software |
TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL. |
|
TIBCO Mashery Local |
TIBCO Mashery Local 4.3.0 will be available by February 28, 2018 on the AWS Marketplace. This OVA release will include CentOS 2.6.32-696.18.7.el6.x86_64. This is the version announced by Redhat Security Advisory to address Meltdown/Spectre: https://access.redhat.com/errata/RHSA-2018:0008 |
|
TIBCO Spotfire® Analytics Platform for AWS Marketplace |
An update for this virtual image will be available by March, 15 2018 on the AWS Marketplace. |
| Hardware appliances | |
|
TIBCO FTL® Message Switch |
An update for the TIBCO FTL® Message Switch appliance to address these vulnerabilities will be available by April, 30 2018 through TIBCO’s eDelivery. |
|
TIBCO LogLogic® Log Management Intelligence (LMI) |
TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL. |
| TIBCO-hosted services | |
|
TIBCO Mashery |
The Mashery service is being updated to address these vulnerabilities and will have completed updates by March 9, 2018. |
|
TIBCO Reward |
The Reward service has identified the updates that are required to mitigate Meltdown and Spectre. TIBCO is currently testing to determine the operational and performance impacts these updates will have on the Reward service. Testing will be completed no later than February 28, 2018. At this point TIBCO will contact customers to schedule upgrades to their Reward service. |
|
All other hosted services |
As of January 29, 2018, as reported in the previous update, all TIBCO hosted services with the exception of TIBCO Mashery and TIBCO Reward have been upgraded to address these vulnerabilities. |