TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Apache Log4J Vulnerability Update
11 December 2021
TIBCO continues to work on investigating and identifying mitigations for the Apache Log4J vulnerability (CVE-2021-44228), referred to as the “Log4Shell” vulnerability. The sections below contain the current status of these efforts. TIBCO continues to make the investigation and remediation of this vulnerability its top priority.
Here is the current status as of the publication time of this update.
TIBCO products whose current standard support versions either do not use Apache Log4J or are not on an affected version of Log4J:
- TIBCO ActiveMatrix® Service Grid Platform
- TIBCO ActiveSpaces® version 4.x
- TIBCO® API Exchange Gateway
- TIBCO® BPM Enterprise (formerly known as TIBCO® ActiveMatrix BPM)
- TIBCO BusinessWorks™ 5
- TIBCO Enterprise Message Service™ version 8.5 and above
- TIBCO Enterprise Message Service™ Appliance (EMSA)
- TIBCO Flogo® Enterprise and all connectors
- TIBCO FTL® and eFTL
- TIBCO® Graph Database
- TIBCO® GeoAnalytics
- TIBCO LABS™ Project Discover
- TIBCO Rendezvous® version 8.5.1 and above
- TIBCO Scribe® Insight
- TIBCO Scribe® Online