TIBCO is aware of the Apache Log4j 1.2 vulnerabilities (CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, and CVE-2022-23307).

TIBCO’s Security Team is actively monitoring the information coming out about the Apache Log4j vulnerabilities and our Product Security Incident Response Team (PSIRT) is actively evaluating how these may affect TIBCO products and cloud services.

The following releases of legacy ibi products are not impacted by CVE-2019-17571, CVE-2020-9488, CVE-2021-4104, CVE-2022-23302, CVE-2022-23305, or CVE-2022-23307.

• TIBCO WebFOCUS Releases 8204 and earlier
• TIBCO Data Migrator Releases 8204 and earlier
• TIBCO WebFOCUS App Studio (all releases)
• TIBCO iWay Service Manager (all releases)
• Mainframe FOCUS (all releases)

• https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update

• https://logging.apache.org/log4j/1.2/index.html