CVE-2024-21733 does not affect BE 6.3.0 and 6.2.2 versions

Article ID: KB0070630

Products: TIBCO BusinessEvents Enterprise Edition
Versions: 6.2.2 base through 6.2.2 HF5, 6.3.0 base through 6.3.0 HF2

Description

This note concerns CVE-2024-21733, an Apache Tomcat vulnerability in which an incomplete POST request causes Tomcat to generate an error message containing sensitive information. That error message could contain data from a previous request made by another user.

Affected Tomcat versions: 8.5.7 through 8.5.63 and 9.0.0-M11 through 9.0.43.
Fix: Users are recommended to upgrade to Tomcat 8.5.64 or later, or 9.0.44 or later.

Environment

All

Resolution

BE 6.2.2 and BE 6.3.0, including their HF (hotfix) releases, are not affected by this CVE, because every Tomcat version they bundle is later than 9.0.43:
  1. BE 6.2.2 base bundles Tomcat 9.0.63; BE 6.2.2 HF5 bundles Tomcat 9.0.83.
  2. BE 6.3.0 base bundles Tomcat 9.0.75; BE 6.3.0 HF2 bundles Tomcat 9.0.82.
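The following script is an added example, not part of this KB article or any TIBCO tooling: it encodes the affected Tomcat ranges stated above and checks the Tomcat versions listed for each BE release against them. The parser treats a milestone build such as 9.0.0-M11 as preceding the GA release of the same number, which a plain numeric comparison would get wrong.

```python
import re

# Affected ranges (inclusive) for CVE-2024-21733, as stated in the note above.
AFFECTED_RANGES = [
    ("8.5.7", "8.5.63"),
    ("9.0.0-M11", "9.0.43"),
]

_VERSION_RE = re.compile(r"^(\d+)\.(\d+)\.(\d+)(?:-M(\d+))?$")


def parse_version(text):
    """Turn 'major.minor.patch[-Mn]' into a sortable tuple.

    Milestone builds (e.g. 9.0.0-M11) come before the GA release with the
    same number, so GA gets a milestone rank above every milestone.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised Tomcat version: {text!r}")
    major, minor, patch, milestone = m.groups()
    rank = int(milestone) if milestone else float("inf")
    return (int(major), int(minor), int(patch), rank)


def is_affected(version):
    """True if the given Tomcat version falls inside any affected range."""
    v = parse_version(version)
    return any(parse_version(lo) <= v <= parse_version(hi)
               for lo, hi in AFFECTED_RANGES)


# Tomcat versions bundled with the BE releases named in this note.
BE_BUNDLED_TOMCAT = {
    "BE 6.2.2 base": "9.0.63",
    "BE 6.2.2 HF5": "9.0.83",
    "BE 6.3.0 base": "9.0.75",
    "BE 6.3.0 HF2": "9.0.82",
}


def assess(bundled=BE_BUNDLED_TOMCAT):
    """Map each product release to whether its bundled Tomcat is affected."""
    return {name: is_affected(ver) for name, ver in bundled.items()}


if __name__ == "__main__":
    for name, affected in assess().items():
        print(f"{name}: {'AFFECTED' if affected else 'not affected'}")
```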

Issue/Introduction

This note describes the impact of CVE-2024-21733 on BE 6.3.0 and 6.2.2.

Additional Information

https://lists.apache.org/thread/h9bjqdd0odj6lhs2o96qgowcc6hb0cfz
https://www.cvedetails.com/cve/CVE-2024-21733/
https://www.cve.org/CVERecord?id=CVE-2024-21733