Security at TIBCO

Security@TIBCO

TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.

Apache Commons Text Vulnerability & JXPath

24 October 2022

TIBCO is aware of the recently announced Apache Commons Text vulnerability (CVE-2022-42889), which is being referred to as “Text4Shell”. This vulnerability potentially enables a malicious actor to execute arbitrary code by taking advantage of string interpolation.

TIBCO is also aware of CVE-2022-41852, and this issue is under investigation as part of our response to CVE-2022-42889. 

TIBCO is assessing the risk of these vulnerabilities and will respond as appropriate.

TIBCO is actively monitoring the still-evolving situation and updates regarding Apache Commons, and our Product Security Incident Response Team (PSIRT) is actively evaluating how these vulnerabilities may affect TIBCO products and cloud services.

We will provide updates as more information becomes available and we complete our investigation. This information will include which TIBCO products and services are affected, if any, and how customers and users of those products and services can best mitigate or protect themselves from being exploited by these vulnerabilities.