LBN Originally Published: April10, 2014

LBN Revised April 17, 2014: TIBCO BusinessEvents® and TIBCO BusinessWorks® Express added, TIBCO® Enterprise Runtime for R removed

Revised Content:

To: TIBCO CUSTOMER, OEM PARTNERS AND DISTRIBUTORS

Subject: (SR_ID: 432555) Statement regarding the OpenSSL Heartbleed vulnerability

Dear TIBCO Customer,

TIBCO has received customer and partner inquiries regarding the recently announced OpenSSL Heartbleed vulnerability (CVE 2014-0160). We have completed an evaluation of our currently shipping products, and the following are known to be affected by the vulnerability:

• TIBCO ActiveSpaces® Enterprise Edition

• TIBCO ActiveSpaces® Remote Client

• TIBCO ActiveSpaces® Transactions

• TIBCO BusinessEvents®
  

• TIBCO BusinessEvents® Extreme

• TIBCO BusinessWorks® Express

• TIBCO LogLogic® ST Appliance

• TIBCO LogLogic® LX Appliance

• TIBCO LogLogic® MX Appliance

• TIBCO LogLogic® Enterprise Virtual Appliance

• TIBCO LogLogic® Log Management Intelligence

All other currently shipping TIBCO products are not affected by the OpenSSL Heartbleed vulnerability.

TIBCO expects to issue fixes for each of the above affected products within seven days of this notice. Announcements regarding the availability of individual product fixes will be published as Late Breaking News (LBN) articles. To be notified when a fix is available:

• Log in to TIBCO Support Central

• Navigate to the My Profile tab

• Select Knowledge Base subscription

• Create a subscription for each of the products about which you wish to be notified. Be sure to select the box labelled LBN.
  (Note: for TIBCO ActiveSpaces Enterprise Edition, please select the product TIBCO ActiveSpaces®)

Once you have created a subscription, you will receive notification as soon as an LBN is published for the selected product.