Security at TIBCO


TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.

Security at TIBCO

Public Notice

Apache Log4J Vulnerability Update

11 December 2021

TIBCO continues to work on investigating and identifying mitigations for the Apache Log4J vulnerability (CVE-2021-44228), referred to as the “Log4Shell” vulnerability. The sections below contain the current status of these efforts. TIBCO continues to make the investigation and remediation of this vulnerability its top priority.

Here is the current status as of the publication time of this update.

TIBCO products whose current standard support versions either do not use Apache Log4J or are not on an affected version of Log4J:

  • TIBCO ActiveMatrix® Service Grid Platform
  • TIBCO ActiveSpaces® version 4.x
  • TIBCO® API Exchange Gateway
  • TIBCO® BPM Enterprise (formerly known as TIBCO® ActiveMatrix BPM)
  • TIBCO BusinessWorks™ 5
  • TIBCO Enterprise Message Service™ version 8.5 and above
  • TIBCO Enterprise Message Service™ Appliance (EMSA)
  • TIBCO Flogo® Enterprise and all connectors
  • TIBCO FTL® and eFTL
  • TIBCO® Graph Database
  • TIBCO® GeoAnalytics
  • TIBCO LABS™ Project Discover
  • TIBCO Rendezvous® version 8.5.1 and above
  • TIBCO Scribe® Insight
  • TIBCO Scribe® Online