Security at TIBCO

Security@TIBCO

TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.

Public Notice

Meltdown and Spectre Vulnerability Update

30 March 2018

TIBCO has investigated and identified applicable mitigation measures recommended by microprocessor and operating system vendors (“the Vendors”) for the Meltdown (CVE-2017-5754) and Spectre (CVE-2017-5753 and CVE-2017-5715) microprocessor vulnerabilities. The table below contains the current status of the Vendor-recommended mitigations for TIBCO offerings.

TIBCO Offering Mitigation status
Virtual Machine images

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS
TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL)

TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS 2.3.3 and TIBCO BusinessWorks™ Container Edition and Plug-ins for AWS (BYOL) 2.3.3 are now available on AWS Marketplace. These releases use CentOS 7 x86_64 AMI version 1801_1 with kernel version 3.10.0-693.11.6.el7.x86_64, as recommended by a Red Hat Security Advisory: https://access.redhat.com/errata/RHSA-2018:0007

TIBCO Clarity

An update of TIBCO Clarity with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO Jaspersoft for AWS with Multi-Tenancy

An update for this virtual image with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO Jaspersoft Reporting and Analytics for AWS (Hourly)
TIBCO Jaspersoft Reporting and Analytics for AWS (BYOL)

An update for these virtual images with appropriate Vendor-recommended mitigation updates is now available on AWS Marketplace. TIBCO encourages its users to ensure they are using the latest version.

TIBCO LogLogic Enterprise Virtual Appliance Software

TIBCO continues to monitor recommendations of its upstream vendors to determine the best solution to address these vulnerabilities. See https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO Mashery Local

TIBCO Mashery Local 4.3.0, which is now available, includes CentOS 2.6.32-696.18.7.el6.x86_64. This is the version of CentOS announced by a Red Hat Security Advisory to address Meltdown/Spectre: https://access.redhat.com/errata/RHSA-2018:0008

TIBCO Spotfire® Analytics Platform for AWS Marketplace

An update for this virtual image with appropriate Vendor-recommended mitigation updates is available on AWS Marketplace.

Hardware appliances

TIBCO FTL® Message Switch

A software and/or firmware update for the TIBCO FTL® Message Switch appliance with appropriate Vendor-recommended mitigation updates is scheduled to be available by April 30, 2018 on the TIBCO eDelivery site.

TIBCO LogLogic® Log Management Intelligence (LMI)

TIBCO continues to monitor its upstream vendors to determine the best solution to address these vulnerabilities. Please see https://support.tibco.com/s/article/TIBCO-LogLogic-LMI-exposure-and-impact-status-regarding-Meltdown-and-Spectre-Vulnerabilities for specific information on this product. Note: A TIBCO Customer Support Portal account is required to access this URL.

TIBCO-hosted services

TIBCO Mashery

Mashery® has been updated to include appropriate patches recommended by the Vendors to mitigate these vulnerabilities in externally accessible systems.

TIBCO® Reward

TIBCO is currently testing appropriate Vendor-recommended mitigation updates for TIBCO Reward. Following completion of testing, TIBCO will contact customers to schedule upgrades to TIBCO Reward.

All other hosted services

TIBCO-hosted services other than TIBCO Mashery and TIBCO Reward have been upgraded to include appropriate Vendor-recommended mitigation updates.