Description:
A problem has been identified in all 4.x versions of TIBCO PortalBuilder (and TIBCO PortalBuilder, Yahoo! Edition) that could allow unauthorized user access to the portal.  The problem is restriced to two specific user authentication mechanisms, Plug-In and Enhanced Web Server.  If you are using either of these two authentication methods with a 4.x version of PB, this notice applies to your portal deployment.

Please see the attached document, "PB4_Security_Fix" for more complete details.

Because of the potentially serious nature of the problem, TIBCO is releasing a fix for any version that could be affected.  This includes versions that are obsolete or outside of their "active" support window.  The download and subsequent application of this hotfix by an end user does not alter the support status of any particular version of the product.

A HotFix is being made available for all 4.x versions of PB to fix this issue.  You will need to download the fix that matches your version, apply the hotfix to all instances in your deployment, and then restart all of the web servers for the fix to take effect.  TIBCO customers with eSupport logins can obtain the fix from ftp://support-ftp.tibco.com/available_downloads and providing a valid eSupport username and password.

Complete download instructions can be found in the attached document.