Products | Versions |
---|---|
ibi WebFOCUS | - |
ibi Omni | - |
ibi FOCUS | - |
TIBCO is aware of the recently announced Apache Log4J vulnerabilities (CVE-2021-44228 and or CVE-2021-45046). Performing these attacks requires an attacker to have control of log messages or at least the parameters for a given log message. These vulnerabilities theoretically enables arbitrary code to be executed on the affected system.
TIBCO’s Security Team is actively monitoring the information coming out about the Apache Log4J vulnerabilities and our Product Security Incident Response Team (PSIRT) is actively evaluating how these may affect TIBCO products and cloud services.
The following releases of legacy ibi products are not impacted by CVE-2021-44228 or CVE-2021-45046, remote code execution vulnerabilities in Apache Log4J.To obtain hotfixes for TIBCO WebFOCUS 8207.28, and TIBCO Omni-Gen, see the available hotfixes here.
Hotfixes for legacy WebFOCUS releases (8206.33 and 8207.0 - 8207.26) are available on demand by opening a case with TIBCO Support. Note that the recommendation for anyone on the WebFOCUS 8205 release is to apply 8206.33.