TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Previous Notices
Apache Commons Text Vulnerability & JXPath
01 November 2022
TIBCO is aware of the recently announced Apache Commons Text vulnerabilities (CVE-2022-42889) which is being referred to as “Text4Shell”. This vulnerability potentially enables a malicious actor to execute arbitrary code by taking advantage of string interpolation.
TIBCO is also aware of CVE-2022-41852, and this issue is under investigation as part of our response to CVE-2022-42889.
TIBCO is assessing the risk of these vulnerabilities and will respond as appropriate.
TIBCO is actively monitoring the still evolving situation and updates with regards to Apache Commons and our Product Security Incident Response Team (PSIRT) is actively evaluating how these vulnerabilities may affect TIBCO products and cloud services.
The below products have been identified as potentially impacted. If a product is not on the list below, it is not impacted.
Apache Commons & JXPath Status for TIBCO Products
(applies to versions that are currently in Standard Support)
Short Term Mitigations and Service Packs are hotlinked in the product name.
Legend
✅ - Unaffected
🛠️ - Remediated through Service Pack or Short Term Mitigation
🔍 - Under Investigation
|
TIBCO Product |
||
|
TIBCO ActiveMatrix BusinessWorks Plug-in for HL7 with FHIR |
🔍 |
🔍 |
|
TIBCO Cloud Data Virtualization |
✅ |
✅ |
|
TIBCO Cloud Integration |
🔍 |
🔍 |
|
TIBCO Cloud Spotfire |
🔍 |
🔍 |
|
TIBCO Cloud™ EBX® |
✅ |
✅ |
|
TIBCO Data Virtualization |
🔍 |
🔍 |
|
TIBCO Data Virtualization for AWS Marketplace |
🔍 |
🔍 |
|
TIBCO DQ |
✅ |
✅ |
|
TIBCO EBX |
🔍 |
🔍 |
|
TIBCO EBX Add-ons |
🔍 |
🔍 |
|
TIBCO EBX® Cloud Enterprise |
🔍 |
🔍 |
|
TIBCO EBX® Cloud Enterprise - Record Add-on |
🔍 |
🔍 |
|
TIBCO Health Essentials Cloud |
🛠️ |
🛠️ |
|
TIBCO iWay Service Manager |
🔍 |
🔍 |
|
TIBCO iWay Service Manager Cloud |
🔍 |
🔍 |
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
TIBCO Offer and Price Engine |
🔍 |
🔍 |
|
TIBCO Omni-Gen® |
🔍 |
🔍 |
|
TIBCO Omni-Gen® DQ Cloud |
🔍 |
🔍 |
|
TIBCO Omni-Gen® MDM |
🔍 |
🔍 |
|
TIBCO Omni-Gen® MDM Cloud |
🔍 |
🔍 |
|
TIBCO Omni-HealthData® |
🔍 |
🔍 |
|
TIBCO Omni-HealthData® Cloud |
🔍 |
🔍 |
|
TIBCO Omni-HealthData® Cohort Builder |
🔍 |
🔍 |
|
TIBCO Omni-Insurance™ |
🔍 |
🔍 |
|
TIBCO Omni-Insurance™ Cloud |
🔍 |
🔍 |
|
TIBCO Patterns - Search |
🔍 |
🔍 |
|
TIBCO Product and Service Catalog powered by TIBCO EBX |
🔍 |
🔍 |
|
TIBCO Spotfire Analytics Platform for AWS Marketplace |
🛠️ |
🛠️ |
|
TIBCO Spotfire Cloud Enterprise |
🛠️ |
🛠️ |
|
TIBCO Spotfire Server |
🛠️ |
🛠️ |
|
TIBCO Spotfire Statistics Services |
🛠️ |
🛠️ |
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
🛠️ |
🛠️ |
|
|
TIBCO® Law Enforcement Foundation Cloud |
🔍 |
🔍 |
|
TIBCO® Metadata - Agent |
🔍 |
🔍 |
|
TIBCO® Offer and Price Engine |
🔍 |
🔍 |
|
🛠️ |
🛠️ |