CVE-2024-21733 does not affect BE 6.3.0 and 6.2.2 versions


Article ID: KB0070630

Updated On:

Products Versions
TIBCO BusinessEvents Enterprise Edition 6.2.2 base through 6.2.2 HF5, 6.3.0 base through 6.3.0 HF2

Description

This is a note on CVE-2024-21733, an Apache Tomcat vulnerability in which an incomplete POST request triggers an error message containing sensitive information. This error message could contain data from a previous request from another user.

Affected versions: 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43.
Fix: Users are recommended to upgrade to version 8.5.64 onwards or 9.0.44 onwards.

Issue/Introduction

This note covers the impact of CVE-2024-21733 on BE versions 6.3.0 and 6.2.2.

Environment

All

Resolution

BE 6.2.2 and BE 6.3.0, including their HF families, are not affected by this CVE because the Tomcat versions they bundle are all well past 9.0.43:
  1. BE 6.2.2 base uses Tomcat 9.0.63, through HF5 which uses Tomcat 9.0.83.
  2. BE 6.3.0 base uses Tomcat 9.0.75, through HF2 which uses Tomcat 9.0.82.
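
The range check behind this conclusion, written out as an added example (not TIBCO or Apache code). The function names are illustrative, and accepting a four-part version string such as 9.0.63.0 by ignoring the trailing component is an assumption of this sketch.

```python
import re

# Affected ranges as stated in this article (inclusive at both ends).
AFFECTED_RANGES = [("8.5.7", "8.5.63"), ("9.0.0-M11", "9.0.43")]

# Bundled Tomcat versions as listed in the Resolution section.
BUNDLED = {
    "BE 6.2.2 base": "9.0.63",
    "BE 6.2.2 HF5": "9.0.83",
    "BE 6.3.0 base": "9.0.75",
    "BE 6.3.0 HF2": "9.0.82",
}

# major.minor.patch, optional milestone (-M11 or .M11), optional 4th component.
_VERSION = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:[.-]M(\d+))?(?:\.\d+)?$", re.I)


def parse_version(text):
    """Return a sortable tuple; milestones sort before the plain release."""
    match = _VERSION.match(text.strip())
    if not match:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch = (int(match.group(i)) for i in (1, 2, 3))
    # No milestone suffix means a regular release, which sorts after any Mnn.
    milestone = int(match.group(4)) if match.group(4) else float("inf")
    return (major, minor, patch, milestone)


def is_affected(version):
    """True if the version lies inside one of the affected ranges."""
    parsed = parse_version(version)
    return any(
        parse_version(low) <= parsed <= parse_version(high)
        for low, high in AFFECTED_RANGES
    )


def audit(bundled):
    """Map each release name to whether its bundled Tomcat is affected."""
    return {name: is_affected(ver) for name, ver in bundled.items()}


if __name__ == "__main__":
    for name, affected in audit(BUNDLED).items():
        print(f"{name}: Tomcat {BUNDLED[name]} -> "
              f"{'AFFECTED' if affected else 'not affected'}")
```
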

Additional Information

https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
https://www.cvedetails.com/cve/CVE-2024-21733/
https://www.cve.org/CVERecord?id=CVE-2024-21733