Products | Versions |
---|---|
TIBCO Data Virtualization | 8.5.0, 8.4.0, 8.3.0, 8.2.0 |
TIBCO is aware of the recently announced Apache Log4J vulnerabilities (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105, and CVE-2021-44832). TIBCO is also aware of CVE-2021-4104 and this issue was investigated as part of our response to CVE-2021-44228. It is addressed by Note 1 below.
Note 1:
If a customer has implemented the JMSAppender class for plugins they have written they should check to make sure they don’t expose this vulnerability. For more details see: https://github.com/apache/logging-log4j2/pull/608#issuecomment-991723301
TIBCO Data Virtualization 8.5.2 service pack (updating the log4j2 version to 2.17.1) is now available for download from the TIBCO eDelivery site (https://edelivery.tibco.com). See the attached file "TDV Resolution for Log4Shell.pdf" for the details of the resolution.
Apache Log4J Vulnerability Update
KB 000045606 Apache Log4J Vulnerability and Impact to TIBCO Products and Services
TIBCO Data Virtualization 8.5.2 Release notes