TIBCO BusinessWorks Resolution and Mitigation for Spring Framework Vulnerabilities
Article ID: KB0072237
Updated On:
| Products | Versions |
|---|---|
| TIBCO ActiveMatrix BusinessWorks | 5.x, 6.x |
Description
The TIBCO Security team is aware of the recently announced Java Spring Framework vulnerabilities (CVE-2022-22963, CVE-2022-22965), with one of them being referred to as “Spring4Shell”. These vulnerabilities potentially enable an attacker to execute arbitrary code by taking advantage of poor data bindings and/or malicious expression language statements.
TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965.
For more information about the general TIBCO investigation into this, please refer to TIBCO Public Notice Spring Framework Vulnerability Update.
This article provides additional information on how TIBCO BusinessWorks product suite in particular is affected.
Versions with resolution or mitigation steps
Versions that are not affected
TIBCO is also aware of CVE-2022-22950, and this issue is under investigation as part of our response to CVE-2022-22963 and CVE-2022-22965.
For more information about the general TIBCO investigation into this, please refer to TIBCO Public Notice Spring Framework Vulnerability Update.
This article provides additional information on how TIBCO BusinessWorks product suite in particular is affected.
Versions with resolution or mitigation steps
- TIBCO BusinessWorks 6.8.0
- TIBCO BusinessWorks 6.7.0
- TIBCO BusinessWorks Container Edition (BWCE) 2.7.1
Versions that are not affected
- TIBCO BusinessWorks 6.6.x and below
- TIBCO BusinessWorks 5.14.0 and below
- TIBCO BusinessWorks 5.15.0
Issue/Introduction
This article contains resolution and mitigation steps for the Spring Framework vulnerabilities (also referred to as Spring4Shell and SpringShell) for the TIBCO BusinessWorks product suite - 5.x, 6.x and BWCE.
Resolution
For TIBCO BusinessWorks, the following service pack / hotfix have been released.
For TIBCO BusinessWorks Container Edition, the following service pack have been released.
The service packs can be downloaded from TIBCO eDelivery site and hotfix are available on TIBCO Support portal.
- TIBCO BusinessWorks 6.8.1
- TIBCO BusinessWorks 6.7.0 Hotfix-05
For TIBCO BusinessWorks Container Edition, the following service pack have been released.
- TIBCO BusinessWorks Container Edition (BWCE) 2.7.2
The service packs can be downloaded from TIBCO eDelivery site and hotfix are available on TIBCO Support portal.
Additional Information
Spring Framework Vulnerability Update, TIBCO Public Notice
• https://www.tibco.com/support/notices/spring-framework-vulnerability-update
TIBCO BusinessWorks 6.7.0 Hotfix-05
• https://support.tibco.com/s/article/TIBCO-ActiveMatrix-BusinessWorks-6-7-0-Hotfix-05-is-available
• https://www.tibco.com/support/notices/spring-framework-vulnerability-update
TIBCO BusinessWorks 6.7.0 Hotfix-05
• https://support.tibco.com/s/article/TIBCO-ActiveMatrix-BusinessWorks-6-7-0-Hotfix-05-is-available
Feedback
Yes
No
Powered by
