TIBCO Statistica Service for TIBCO Spotfire: Resolution and Mitigation for Apache Log4j Vulnerabilities


Article ID: KB0072725

Updated On:

Products

Statistica Spotfire Server

Description

TIBCO is aware of the recently announced Apache Log4J vulnerability (CVE-2021-44228, CVE-2021-45046 and CVE-2021-45105), referred to as “Log4Shell”. Performing these attacks requires an attacker to have control of log messages or at least the parameters for a given log message. This vulnerability theoretically enables arbitrary code to be executed on the affected system.

TIBCO’s Security Team is actively monitoring the information coming out about the Apache Log4J Vulnerability and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.

Issue/Introduction

This article contains the initial mitigation and resolution for the Apache Log4J vulnerability in TIBCO Statistica Service for TIBCO Spotfire.

Environment

All Supported Platforms

Resolution

See the attached file "TIBStatSvcSpotfireMitigationLog4j" for the initial mitigation steps for the issue. These instructions are based on the mitigation documented by Apache for different vulnerable versions of Log4j2. Note that the mitigation steps have to be followed by consumers of TIBCO Statistica Service for TIBCO Spotfire - Version 13.6.

A hot-fix is also readily available to fix the Apache Log4j vulnerabilities in TIBCO Statistica Service for TIBCO Spotfire - Version 14: https://support.tibco.com/s/article/TIBCO-Statistica-14-0-hotfix-V140HF03-is-now-available

We will provide updates as more information becomes available and we complete our investigation. Please contact TIBCO Support with any questions.

Additional Information

Apache Log4J Vulnerability Update
KB 000045606 Apache Log4J Vulnerability and Impact to TIBCO Products and Services

Attachments

TIBCO Statistica Service for TIBCO Spotfire: Resolution and Mitigation for Apache Log4j Vulnerabilities