TIBCO Runtime Agent Mitigation for CVE-2021-44228
Article ID: KB0071182
Updated On:
| Products | Versions |
|---|---|
| TIBCO Runtime Agent (TRA) | 5.x.x |
Description
TIBCO’s Security Team is actively monitoring the information coming out about the Apache Log4J Vulnerability and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.
Issue/Introduction
Environment
Resolution
1. For TIBCO Runtime Agent (TRA) 5.12.0, remediation is provided in TRA 5.12.0 Hotfix-01 (which updates log4j to 2.16.0). Please see the article https://support.tibco.com/s/article/TIBCO-Runtime-Agent-TRA-5-12-0-Hotfix-01-is-now-available.
Alternatively, users can install TRA 5.12.1. TRA 5.12.1 updates log4j to 2.17.1. Please see TRA 5.12.1 release notes for details. at https://docs.tibco.com/pub/runtime_agent/5.12.1/TIB_TRA_5.12.1_relnotes.pdf?id=3.
2. For TIBCO Runtime Agent (TRA) 5.11.3, remediation is provided; release already updates log4j to 2.17.0, please see TRA 5.11.3 release notes for details at https://docs.tibco.com/pub/runtime_agent/5.11.3/TIB_TRA_5.11.3_relnotes.pdf?id=3
3. TRA 5.11.2 and lower versions, TIBCO Administrator (Admin) 5.11.2 and lower versions either do not use Apache Log4J or are not on an affected version of Log4J.
3. For TRA 5.10.x, please refer to article# 000046322.
Additional Information
- https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update
KB 000045606 Apache Log4J Vulnerability and Impact to TIBCO Products and Services
- https://support.tibco.com/s/article/Apache-Log4J-Vulnerability-and-Impact-to-TIBCO-Products-and-Services
Feedback
