TIBCO takes its security responsibilities very seriously. This page provides information about TIBCO security and how customers or security researchers can contact TIBCO to report or ask about a security issue.
Security@TIBCO
Public Notice
Spring Framework Vulnerability Update
01 April 2022
TIBCO is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963, CVE-2022-22965), with one of them being referred to as “Spring4Shell”. These vulnerabilities potentially enable an attacker to execute arbitrary code by taking advantage of poor data bindings and/or malicious expression language statements.
TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965.
TIBCO is actively monitoring the still evolving situation and updates with regards to the Java Spring Framework and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.
We will provide updates as more information becomes available and we complete our investigation. This information will include which TIBCO products and services are affected and how customers and users of those products and services can best mitigate or protect themselves from being exploited by this vulnerability.
For more information on the vulnerability, please see the following references:
- CVE-2022-22950 (https://tanzu.vmware.com/security/cve-2022-22950)
- CVE-2022-22963 (https://tanzu.vmware.com/security/cve-2022-22963)
- CVE-2022-22965 (https://tanzu.vmware.com/security/cve-2022-22965)
Spring Framework Status for TIBCO Products
(applies to versions that are currently in Standard Support)
New Products or status change not in previous updates are indicated by the product name in BOLD
Short Term Mitigations and Service Packs are hotlinked in the product name.
Legend
✅ - Unaffected or remediated
🔍 - Under Investigation
|
TIBCO Product |
|||
|
TIBCO® distribution of Apache Kafka |
✅ |
✅ |
✅ |
|
TIBCO® distribution of Apache Pulsar |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for Files for Unix/Win |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for Files for Unix/Win |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for JD Edwards EnterpriseOne |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for LDAP |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for OSIsoft PI |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for PeopleSoft |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for Siebel |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter for WebSphere MQ |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix® Adapter Framework |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ ActiveAspects Plug-in |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Concur Solutions - Community Edition |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Database |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for EJB |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Facebook |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Files for Unix and Windows |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Google BigQuery |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Google Cloud Storage |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for JD Edwards EnterpriseOne |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Microsoft Excel |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for OData Services for SAP S/4HANA |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Oracle E-Business Suite |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Oracle Tuxedo |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for OSIsoft PI System |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for PDF |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for PeopleSoft |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP Ariba |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP HANA Database |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP Solutions |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP SuccessFactors |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for sFTP |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Siebel |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SmartMapper |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Snowflake |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for SWIFT |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Trillium |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Twitter |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ Plug-in for Zendesk - Community Edition |
✅ |
✅ |
✅ |
|
TIBCO ActiveMatrix BusinessWorks™ SmartMapper Enterprise Server |
✅ |
✅ |
✅ |
|
TIBCO ActiveSpaces® |
✅ |
✅ |
✅ |
|
TIBCO® Adapter Migration |
✅ |
✅ |
✅ |
|
TIBCO® Adapter SDK |
✅ |
✅ |
✅ |
|
TIBCO® distribution of Apache Kafka |
✅ |
✅ |
✅ |
|
TIBCO® distribution of Apache Pulsar |
✅ |
✅ |
✅ |
|
TIBCO® AuditSafe version 1.1.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® BPM Enterprise version 5.2.2 and below |
🔍 |
✅ |
🔍 |
|
TIBCO BusinessConnect™ Container Edition version 1.1.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO BusinessWorks™ Enterprise Edition version 6.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud™ Compute version 2.42.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Dashboard version 1.40.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Integration - Develop (Flogo) version 2.16.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Messaging |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ Spotfire version 11.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud™ Live Apps version 1.45.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Cloud™ Nimbus® version 2.45.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Cloud™ API Management - Local Edition version 5.5.1 and below |
✅ |
✅ |
✅ |
|
TIBCO® Data Science version 1.2.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Data Science for Spotfire® Analyst version 14.0.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Data Science for TIBCO Spotfire® Analyst version 14.0.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Data Science Team Studio version 6.6 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Data Virtualization version 8.5.2 and below |
✅ |
✅ |
✅ |
|
TIBCO EBX® version 6.0.5 and below |
✅ |
✅ |
✅ |
|
TIBCO EBX® Addons version 5.3.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Enterprise Administrator version 2.4.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Enterprise Message Service™ |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Amazon Elastic File System |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Amazon Glacier |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for GitHub |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Google Cloud SQL |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Google Cloud Storage |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Jira |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Oracle Database |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for SAP Cloud for Customer |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for SAP HANA Database |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for SAP S/4HANA Cloud |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for SAP SuccessFactors |
✅ |
✅ |
✅ |
|
TIBCO Flogo® Connector for Snowflake |
✅ |
✅ |
✅ |
|
TIBCO eFTL™ |
✅ |
✅ |
✅ |
|
TIBCO FTL® |
✅ |
✅ |
✅ |
|
TIBCO® Graph Database version 3.1.0 and below |
✅ |
✅ |
✅ |
|
TIBCO iWay® Service Manager version 8.0.6 and below |
🔍 |
✅ |
🔍 |
|
TIBCO JasperReports® IO (Professional and At-Scale offerings) version 3.0.x and below |
🔍 |
✅ |
🔍 |
|
TIBCO JasperReports® Library (Professional and Community offerings) |
🔍 |
✅ |
🔍 |
|
TIBCO JasperReports® Server (Professional and Community offerings) version 8.0.x and below |
🔍 |
✅ |
🔍 |
|
🔍 |
✅ |
🔍 |
|
|
TIBCO JasperReports® Server for Azure version 8.0.x and below |
🔍 |
✅ |
🔍 |
|
TIBCO Jaspersoft® Studio (Professional and Community offerings) version 8.0.x and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Managed FiIe Transfer Command Center version 8.4 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Managed File Transfer Internet Server version 8.4 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® MDM version 9.3.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Messaging - Eclipse Mosquitto Distribution |
✅ |
✅ |
✅ |
|
TIBCO® Messaging Manager |
✅ |
✅ |
✅ |
|
TIBCO® Messaging Monitor |
✅ |
✅ |
✅ |
|
TIBCO® Metadata Agent version 3.0.3 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® ModelOps version 1.1 and below (Indirectly through Streaming) |
🔍 |
✅ |
🔍 |
|
TIBCO Nimbus® version 10.5.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Nimbus® Service version 10.5.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Omni-Gen® version 4.1.1 and below |
🔍 |
✅ |
🔍 |
|
TIBCO® Product & Catalog version 4.1.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Rendezvous® |
✅ |
✅ |
✅ |
|
TIBCO® Reward version 22.2 and below |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Analyst version 11.8.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® Cloud Enterprise version 11.7.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Spotfire® Desktop version 11.8.0 and below |
✅ |
✅ |
✅ |
|
TIBCO Spotfire® for Amazon Web Services version 11.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Spotfire® Server version 11.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Spotfire® Statistics Services version 11.8.0 and below |
🔍 |
✅ |
🔍 |
|
TIBCO Statistica® version 14.0 and below |
✅ |
✅ |
✅ |
|
TIBCO® Streaming version 10.6.2 and below |
🔍 |
✅ |
🔍 |
|
TIBCO WebFOCUS® Reporting Server |
✅ |
✅ |
✅ |
|
TIBCO WebFOCUS® Web Application version 9.0.1 and below |
🔍 |
✅ |
🔍 |