Is the TIBCO Data Virtualization Server impacted by the CVE-2021-40438 - Apache vulnerability?

Is the TIBCO Data Virtualization Server impacted by the CVE-2021-40438 - Apache vulnerability?

book

Article ID: KB0072769

calendar_today

Updated On:

Products Versions
TIBCO Data Virtualization All supported versions

Description

This article answers the question of whether the TIBCO Data Virtualization(TDV) Server is impacted by the CVE-2021-40438 - Apache vulnerability or not. Refer to vulnerability details in the reference section of the article. 

Resolution

TDV nor any of its 3rd party dependencies (including Drill) do not use/include Apache HTTP Server. TDV & Drill both use Jetty as their HTTP server technology. Therefore, TDV nor any of its third-party libraries (including Drill) does not use Apache HTTP Server and therefore is not prone to this vulnerability - CVE-2021-40438.

Issue/Introduction

Is the TIBCO Data Virtualization Server impacted by the CVE-2021-40438 - Apache vulnerability?

Additional Information

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40438