TIBCO Spotfire Resolution and Mitigation for the Apache Commons Text (Text4Shell) Vulnerability

TIBCO Spotfire Resolution and Mitigation for the Apache Commons Text (Text4Shell) Vulnerability

book

Article ID: KB0071817

calendar_today

Updated On:

Products Versions
Spotfire Server All

Description

TIBCO is aware of the recently announced Apache Commons Text vulnerability (CVE-2022-42889), referred to as “Text4Shell”. For more information about the general TIBCO investigation into this, please refer to TIBCO Public Notice Text4Shell Vulnerability Update. This article provides additional information on how TIBCO Spotfire products in particular are affected.

Environment

All

Resolution

The following versions are now available for download from the TIBCO eDelivery site and the AWS Marketplace. Upgrade to these versions which contains remediation of CVE-2022-42889:
  • TIBCO Spotfire® Server 12.1.0, 12.0.2, 11.4.9
  • TIBCO Spotfire® Statistics Services 12.1.0, 12.0.2, 11.4.10
  • TIBCO Spotfire® Analytics Platform for AWS Marketplace 12.1.0 
Note: the versions that have received Services Packs are those currently supported with Service Packs, as listed under the "Version Status" section of Overview of TIBCO Spotfire Releases.

Issue/Introduction

This article contains resolution and mitigation steps for Apache Commons Text vulnerability (CVE-2022-42889) for the TIBCO Spotfire product suite.

Additional Information

TIBCO Public Notice about Apache Commons Text Vulnerability & JXPath
Powered by Wolken Software