TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Spring Framework Vulnerability Update
02 May 2022
TIBCO is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963, CVE-2022-22965), with one of them being referred to as “Spring4Shell”. These vulnerabilities potentially enable an attacker to execute arbitrary code by taking advantage of poor data bindings and/or malicious expression language statements.
TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965.
TIBCO is assessing the risk of CVE-2022-22968 and will respond as appropriate. At this time, we believe this is a low risk.
TIBCO is actively monitoring the still evolving situation and updates with regards to the Java Spring Framework and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.
We will provide updates as more information becomes available and we complete our investigation. This information will include which TIBCO products and services are affected and how customers and users of those products and services can best mitigate or protect themselves from being exploited by this vulnerability.
For more information on the vulnerability, please see the following references:
- CVE-2022-22950 (https://tanzu.vmware.com/security/cve-2022-22950)
- CVE-2022-22963 (https://tanzu.vmware.com/security/cve-2022-22963)
- CVE-2022-22965 (https://tanzu.vmware.com/security/cve-2022-22965)
For Active Security Vulnerabilities we will post daily updates by 5:00 PM PT
Spring Framework Status for TIBCO Products
(applies to versions that are currently in Standard Support)
New Products or status change not in previous updates are indicated by the product name in BOLD
Short Term Mitigations and Service Packs are hotlinked in the product name.
Legend
✅ - Unaffected
🛠️ - Remediated through Service Pack or Short Term Mitigation
🔍 - Under Investigation
|
TIBCO Product |
|||
|
TIBCO® distribution of Apache Kafka - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® distribution of Apache Pulsar - All Versions |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter Framework - All Versions |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Service Grid Platform version 3.4.0 and below |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ version 6.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO ActiveSpaces® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Adapter Migration - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Adapter SDK - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Administrator version 5.11.x and below |
✅ |
✅ |
✅ |
|
TIBCO Administrator version 5.12.0 and above |
🔍 |
✅ |
🔍 |
|
TIBCO® API Exchange Gateway - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® AuditSafe version 1.1.1 and below |
✅ |
✅ |
✅ |
|
TIBCO® BPM Enterprise version 5.2.2 and below |
✅ |
✅ |
✅ |
|
TIBCO BusinessConnect™ and its plugins version 7.3 and below |
✅ |
✅ |
✅ |
|
TIBCO BusinessConnect™ Container Edition version 1.2 and below |
✅ |
✅ |
✅ |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO BusinessWorks™ Container Edition version 2.7.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO BusinessWorks™ version 5.15.0 and above |
🔍 |
✅ |
🔍 |
|
TIBCO BusinessWorks™ version 5.14.0 and below |
✅ |
✅ |
✅ |
|
TIBCO BusinessWorks™ 5 adapters and plugins ecosystem |
✅ |
✅ |
✅ |
|
TIBCO BusinessWorks™ 6 adapters and plugins ecosystem |
✅ |
✅ |
✅ |
|
TIBCO BusinessWorks™ Container Edition plugins ecosystem |
✅ |
✅ |
✅ |
|
TIBCO® Clarity version 3.2.1 and below |
✅ |
✅ |
✅ |
|
TIBCO® Clarity – Cloud Edition version 3.1.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Compute |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Data Streams |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Events |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Integration - Connect (Scribe) |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Integration - Develop (Flogo) |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Integration - Integrate (BusinessWorks) |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud™ Messaging |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Spotfire |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Live Apps |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud™ Nimbus® |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ API Management - Local Edition version 5.5.1 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ API Management - SaaS Edition - All Versions |
✅ |
✅ |
✅ |
|
TIBCO DataSynapse GridServer® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO DataSynapse™ High-Performance Computing Cloud Adapter - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Data Migrator - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Data Science version 1.2.1 and below |
✅ |
✅ |
✅ |
|
TIBCO® Data Science for TIBCO Spotfire® Analyst 14.0.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Data Science Service for TIBCO Spotfire® 14.0.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Data Science Team Studio version 6.6 and below |
✅ |
✅ |
✅ |
|
TIBCO® Data Virtualization version 8.5.2 and below |
✅ |
✅ |
✅ |
|
TIBCO EBX® version 6.0.5 and below |
✅ |
✅ |
✅ |
|
TIBCO EBX® Addons version 4.5.10 and above |
✅ |
✅ |
✅ |
|
TIBCO EBX® Addons version 5.3.2 and above |
✅ |
✅ |
✅ |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO Enterprise Message Service™ - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Enterprise Runtime for R - Server Edition versions 1.3.7, 1.7.5, 1.11.1 |
🛠️ |
✅ |
🛠️ |
|
TIBCO Flogo® Connectors - All Versions |
✅ |
✅ |
✅ |
|
TIBCO FOCUS® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Archive and Retrieval System - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Connect with FHIR version 1.0.1 and above |
✅ |
✅ |
✅ |
|
TIBCO Foresight® EDISIM - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® EDISIM HIPAA Validator Desktop - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Operational Monitor - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Transaction Insight® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Translator Attachment Adapter - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Foresight® Translator - Healthcare and Standard Editions - All Versions |
✅ |
✅ |
✅ |
|
TIBCO eFTL™ - All Versions |
✅ |
✅ |
✅ |
|
TIBCO FTL® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Fulfillment® Order Management version 4.0.2 and below |
✅ |
✅ |
✅ |
|
TIBCO® Fulfillment Subscriber Inventory version 2.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Graph Database version 3.1.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Hawk® version 5.2.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Hawk® version 6.2.0 and above |
🔍 |
✅ |
🔍 |
|
TIBCO iProcess® Engine (Oracle, SQL, and DB2) - All Versions |
✅ |
✅ |
✅ |
|
TIBCO iProcess® Technology plug-ins - All Versions |
✅ |
✅ |
✅ |
|
TIBCO iProcess® Workspace (Windows, Browser, and plug-ins) - All Versions |
✅ |
✅ |
✅ |
|
TIBCO iWay® Service Manager version 8.0.5 and above |
✅ |
✅ |
✅ |
|
TIBCO® Inform Cloud version 8.5.0 and below |
✅ |
✅ |
✅ |
|
TIBCO JasperReports® IO (Professional and At-Scale offerings) version 3.0.x and below |
🛠️ |
✅ |
🛠️ |
|
TIBCO JasperReports® Library (Professional and Community offerings) |
✅ |
✅ |
✅ |
|
TIBCO JasperReports® Server (Professional and Community offerings) version 8.0.x and below |
✅ |
✅ |
✅ |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO JasperReports® Server for Azure version 8.0.x and below |
🛠️ |
✅ |
🛠️ |
|
TIBCO Jaspersoft® Studio (Professional and Community offerings) version 8.0.x and below |
🛠️ |
✅ |
🛠️ |
|
TIBCO LogLogic® Enterprise Virtual Appliance version 6.3.0 and below |
✅ |
✅ |
✅ |
|
TIBCO LogLogic® Enterprise Virtual Appliance version 6.3.1 and above |
🔍 |
✅ |
🔍 |
|
TIBCO LogLogic® Log Management Intelligence version 6.3.0 and below |
✅ |
✅ |
✅ |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO LogLogic® Log Management Intelligence version 6.4.0 and above |
🛠️ |
✅ |
🛠️ |
|
TIBCO LogLogic® Log Source Packages - All Versions |
✅ |
✅ |
✅ |
|
TIBCO LogLogic® Universal Collector Software version 2.8.0 and above |
✅ |
✅ |
✅ |
|
TIBCO® Managed File Transfer Command Center version 8.4 and below |
🛠️ |
✅ |
🛠️ |
|
TIBCO® Managed File Transfer Internet Server version 8.4 and below |
🛠️ |
✅ |
🛠️ |
|
TIBCO® Managed File Transfer Platform Server for UNIX/zLinux - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Managed File Transfer Platform Server for Windows - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Managed File Transfer Platform Server for z/OS - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® MDM version 9.3.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Messaging - Eclipse Mosquitto Distribution - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Messaging Manager - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Messaging Monitor - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Metadata Agent version 3.0.3 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® ModelOps version 1.1 and below |
✅ |
✅ |
✅ |
|
TIBCO Nimbus® version 10.5.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Nimbus® Service version 10.5.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Offer and Price Engine version 5.1.0 and below |
🔍 |
🔍 |
🔍 |
|
TIBCO Omni-Gen® version 3.1.6 through 4.1.1 |
✅ |
✅ |
✅ |
|
TIBCO® OpenSpirit versions 4.3 and below |
✅ |
✅ |
✅ |
|
TIBCO® Operational Intelligence Agent version 3.0.0 and above |
🔍 |
✅ |
🔍 |
|
TIBCO® Operational Intelligence Hawk® RedTail version 7.0.0 and above |
🔍 |
✅ |
🔍 |
|
TIBCO® Order Management version 5.1.0 and below |
🔍 |
🔍 |
🔍 |
|
TIBCO® Order Management - LR version 5.0.1 and below |
🔍 |
✅ |
🔍 |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO® Product & Catalog version 4.1.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Rendezvous® - All Versions |
✅ |
✅ |
✅ |
|
TIBCO® Reward version 22.2 and below |
✅ |
✅ |
✅ |
|
TIBCO Runtime Agent™ version 5.11.2 and below |
✅ |
✅ |
✅ |
|
TIBCO Runtime Agent™ version 5.12.1 and above |
🔍 |
✅ |
🔍 |
|
TIBCO Scribe® Insight version 7.9.5 |
✅ |
✅ |
✅ |
|
TIBCO Silver® Fabric - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® for Amazon Web Services version 11.8.1 |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Analyst - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Automation Services - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Business Author - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Cloud Enterprise - All Versions |
🛠️ |
✅ |
🛠️ |
|
TIBCO Spotfire® Consumer - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Desktop - All Versions |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Qualification - All Versions |
✅ |
✅ |
✅ |
|
🛠️ |
✅ |
🛠️ |
|
|
TIBCO Spotfire® Service for Python versions 1.0.7, 1.3.5, and 1.11.1 |
🛠️ |
✅ |
🛠️ |
|
TIBCO Spotfire® Statistics Services version 10.10.9, 11.4.6, and 11.8.1 |
🛠️ |
✅ |
🛠️ |
|
TIBCO Statistica® version 14.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Streaming version 10.6.2 and below |
✅ |
✅ |
✅ |
|
✅ |
✅ |
✅ |
|
|
TIBCO WebFOCUS® Reporting Server - All Versions |
✅ |
✅ |
✅ |
|
WebFOCUS®, iWay® Service Manager, and Omni-Gen® - Legacy Versions |
✅ |
✅ |
✅ |