Public Notice

Spring Framework Vulnerability Update

01 April 2022

TIBCO is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963, CVE-2022-22965), with one of them being referred to as “Spring4Shell”. These vulnerabilities potentially enable an attacker to execute arbitrary code by taking advantage of poor data bindings and/or malicious expression language statements. 

TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965. 

TIBCO is actively monitoring the still-evolving situation and updates regarding the Java Spring Framework, and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.

We will provide updates as more information becomes available and we complete our investigation. This information will include which TIBCO products and services are affected and how customers and users of those products and services can best mitigate or protect themselves from being exploited by this vulnerability.

For more information on the vulnerability, please see the following references:


 

Spring Framework Status for TIBCO Products

(applies to versions that are currently in Standard Support)

New products, or status changes not in previous updates, are indicated by the product name in BOLD.

Short-term mitigations and service packs are hotlinked in the product name.

Legend

✅ - Unaffected or remediated

🔍 - Under Investigation

 

TIBCO Product

CVE-2022-22950

CVE-2022-22963

CVE-2022-22965

TIBCO® distribution of Apache Kafka

TIBCO® distribution of Apache Pulsar

TIBCO ActiveMatrix® Adapter for Files for Unix/Win

TIBCO ActiveMatrix® Adapter for JD Edwards EnterpriseOne

TIBCO ActiveMatrix® Adapter for LDAP

TIBCO ActiveMatrix® Adapter for OSIsoft PI

TIBCO ActiveMatrix® Adapter for PeopleSoft

TIBCO ActiveMatrix® Adapter for Siebel

TIBCO ActiveMatrix® Adapter for WebSphere MQ

TIBCO ActiveMatrix® Adapter Framework

TIBCO ActiveMatrix BusinessWorks™ ActiveAspects Plug-in

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Concur Solutions - Community Edition

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Database

TIBCO ActiveMatrix BusinessWorks™ Plug-in for EJB

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Facebook

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Files for Unix and Windows

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Google BigQuery

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Google Cloud Storage

TIBCO ActiveMatrix BusinessWorks™ Plug-in for JD Edwards EnterpriseOne

TIBCO ActiveMatrix BusinessWorks™ Plug-in for LDAP

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Microsoft Excel

TIBCO ActiveMatrix BusinessWorks™ Plug-in for OData Services for SAP S/4HANA

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Oracle E-Business Suite

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Oracle Tuxedo

TIBCO ActiveMatrix BusinessWorks™ Plug-in for OSIsoft PI System

TIBCO ActiveMatrix BusinessWorks™ Plug-in for PDF

TIBCO ActiveMatrix BusinessWorks™ Plug-in for PeopleSoft

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP Ariba

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP HANA Database

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP Solutions

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SAP SuccessFactors

TIBCO ActiveMatrix BusinessWorks™ Plug-in for sFTP

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Siebel

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SmartMapper

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Snowflake

TIBCO ActiveMatrix BusinessWorks™ Plug-in for SWIFT

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Trillium

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Twitter

TIBCO ActiveMatrix BusinessWorks™ Plug-in for Zendesk - Community Edition

TIBCO ActiveMatrix BusinessWorks™ SmartMapper Enterprise Server

TIBCO ActiveSpaces®

TIBCO® Adapter Migration

TIBCO® Adapter SDK

TIBCO® distribution of Apache Kafka

TIBCO® distribution of Apache Pulsar

TIBCO® AuditSafe version 1.1.1 and below

🔍

🔍 

TIBCO® BPM Enterprise version 5.2.2 and below

🔍

🔍 

TIBCO BusinessConnect™ Container Edition version 1.1.1 and below

🔍

🔍 

TIBCO BusinessWorks™ Enterprise Edition version 6.8.0 and below

🔍

🔍 

TIBCO Cloud 

🔍

🔍 

    TIBCO Cloud™ Compute version 2.42.0 and below

    TIBCO Cloud™ Dashboard version 1.40.0 and below

    TIBCO Cloud™ Integration - Develop (Flogo) version 2.16.0 and below

    TIBCO Cloud™ Messaging

    TIBCO Cloud™ Spotfire version 11.8.0 and below

🔍

🔍 

    TIBCO Cloud™ Live Apps version 1.45.0 and below

🔍

🔍 

    TIBCO Cloud™ Nimbus® version 2.45.0 and below

TIBCO Cloud™ API Management - Local Edition version 5.5.1 and below

TIBCO® Data Science version 1.2.1 and below

🔍

🔍 

TIBCO® Data Science for Spotfire® Analyst version 14.0.0 and below

TIBCO Data Science for TIBCO Spotfire® Analyst version 14.0.1 and below

🔍

🔍 

TIBCO® Data Science Team Studio version 6.6 and below

🔍

🔍 

TIBCO® Data Virtualization version 8.5.2 and below

TIBCO EBX® version 6.0.5 and below

TIBCO EBX® Addons version 5.3.1 and below

🔍

🔍 

TIBCO® Enterprise Administrator version 2.4.1 and below

🔍

🔍 

TIBCO Enterprise Message Service™

TIBCO Flogo® Connector for Amazon Elastic File System

TIBCO Flogo® Connector for Amazon Glacier

TIBCO Flogo® Connector for GitHub

TIBCO Flogo® Connector for Google Cloud SQL

TIBCO Flogo® Connector for Google Cloud Storage

TIBCO Flogo® Connector for Jira

TIBCO Flogo® Connector for Oracle Database

TIBCO Flogo® Connector for SAP Cloud for Customer

TIBCO Flogo® Connector for SAP HANA Database

TIBCO Flogo® Connector for SAP S/4HANA Cloud

TIBCO Flogo® Connector for SAP SuccessFactors

TIBCO Flogo® Connector for Snowflake

TIBCO eFTL™

TIBCO FTL®

TIBCO® Graph Database version 3.1.0 and below

TIBCO iWay® Service Manager version 8.0.6 and below

🔍

🔍 

TIBCO JasperReports® IO (Professional and At-Scale offerings) version 3.0.x and below

🔍

🔍 

TIBCO JasperReports® Library (Professional and Community offerings) version 8.0.x and below

🔍

🔍 

TIBCO JasperReports® Server (Professional and Community offerings) version 8.0.x and below

🔍

🔍 

TIBCO JasperReports® Server for AWS version 8.0.x and below

🔍

🔍 

TIBCO JasperReports® Server for Azure version 8.0.x and below

🔍

🔍 

TIBCO Jaspersoft® Studio (Professional and Community offerings) version 8.0.x and below

🔍

🔍 

TIBCO® Managed File Transfer Command Center version 8.4 and below

🔍

🔍 

TIBCO® Managed File Transfer Internet Server version 8.4 and below

🔍

🔍 

TIBCO® MDM version 9.3.0 and below

🔍

🔍 

TIBCO® Messaging - Eclipse Mosquitto Distribution

TIBCO® Messaging Manager

TIBCO® Messaging Monitor

TIBCO® Metadata Agent version 3.0.3 and below

🔍

🔍 

TIBCO® ModelOps version 1.1 and below

(Indirectly through Streaming)

🔍

🔍 

TIBCO Nimbus® version 10.5.0 and below

TIBCO Nimbus® Service version 10.5.0 and below

TIBCO Omni-Gen® version 4.1.1 and below

🔍

🔍 

TIBCO® Product & Catalog version 4.1.0 and below

TIBCO Rendezvous®

TIBCO® Reward version 22.2 and below

TIBCO Spotfire® Analyst version 11.8.0 and below

    TIBCO Spotfire® Cloud Enterprise version 11.7.0 and below

🔍

🔍 

TIBCO Spotfire® Desktop version 11.8.0 and below

TIBCO Spotfire® for Amazon Web Services version 11.8.0 and below

🔍

🔍 

TIBCO Spotfire® Server version 11.8.0 and below

🔍

🔍 

TIBCO Spotfire® Statistics Services version 11.8.0 and below

🔍

🔍 

TIBCO Statistica® version 14.0 and below

TIBCO® Streaming version 10.6.2 and below

🔍

🔍 

TIBCO WebFOCUS® Reporting Server

TIBCO WebFOCUS® Web Application version 9.0.1 and below

🔍

🔍