TIBCO Hawk: Mitigation for CVE-2021-44228 (Log4Shell)

Article ID: KB0072372

Updated On:

Products: TIBCO Hawk
Versions: 7.x, 6.x, 5.2

Description

TIBCO is aware of the recently announced Apache Log4J vulnerability (CVE-2021-44228), referred to as “Log4Shell”. To exploit it, an attacker must control log messages, or at least the parameters of a given log message. The vulnerability theoretically enables arbitrary code to be executed on the affected system.

TIBCO’s Security Team is actively monitoring the information coming out about the Apache Log4J Vulnerability and our Product Security Incident Response Team (PSIRT) is actively evaluating how this vulnerability may affect TIBCO products and cloud services.

Issue/Introduction

TIBCO Hawk: Mitigation for CVE-2021-44228 (Log4Shell)

Environment

All TIBCO Hawk 6.x, 5.2.0
TIBCO(R) Operational Intelligence Hawk(R) RedTail 7.x

Resolution

1. Classic Hawk 6.2.1 and earlier versions (6.2.0, 6.1.0, 6.0.0 and 5.2.0), as well as TIBCO(R) Operational Intelligence Hawk(R) RedTail 7.0.1 / 7.0.0, do not use a version of Log4J affected by CVE-2021-44228 (the “Log4Shell” vulnerability).

2. For TIBCO(R) Operational Intelligence Hawk(R) RedTail 7.1.0, the fix is provided in TIBCO(R) Operational Intelligence Hawk(R) RedTail 7.1.0 HF 003, which upgrades the Log4j library to 2.17.2.
Please see the article https://support.tibco.com/s/article/TIBCO-Operational-Intelligence-Hawk-RedTail-7-1-0-Hotfix-03-is-now-available

3. For Hawk 6.2.1, Log4j has been upgraded to 2.17.1 in Hawk 6.2.1 HF4 and above. Please refer to the article below for details:
https://support.tibco.com/s/article/TIBCO-Hawk-6-2-1-Hotfix-04-is-now-available
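To confirm on a host that a hotfix actually replaced the library, the following added example (not TIBCO code) walks an install directory and compares every log4j-core jar it finds against the Log4j level this article gives for that hotfix. The install directory is passed as an argument; the dictionary keys and the lookup order (manifest Implementation-Version when present, then the file name) are assumptions of the example.

```python
"""Check log4j-core jars under an install directory against a minimum version."""
import re
import sys
import zipfile
from pathlib import Path

# Log4j levels stated in this article; the key labels are this example's own.
FIXED = {"Hawk 6.2.1 HF4": (2, 17, 1), "RedTail 7.1.0 HF 003": (2, 17, 2)}

NAME_RE = re.compile(r"log4j-core-(\d+)\.(\d+)(?:\.(\d+))?.*\.jar$", re.I)
MANIFEST_RE = re.compile(r"^Implementation-Version:\s*(\d+)\.(\d+)(?:\.(\d+))?", re.M)


def _tuple(match):
    # A missing patch component counts as 0, so "2.17" becomes (2, 17, 0).
    return tuple(int(g or 0) for g in match.groups())


def jar_version(path):
    """Return (major, minor, patch) from the manifest, else the file name, else None."""
    try:
        with zipfile.ZipFile(path) as jar:
            text = jar.read("META-INF/MANIFEST.MF").decode("utf-8", "replace")
            m = MANIFEST_RE.search(text)
            if m:
                return _tuple(m)
    except (zipfile.BadZipFile, KeyError, OSError):
        pass  # unreadable jar or no manifest: fall back to the file name
    m = NAME_RE.search(Path(path).name)
    return _tuple(m) if m else None


def scan(root, minimum):
    """Return (path, version, status) for every log4j-core*.jar under root."""
    results = []
    for jar in sorted(Path(root).rglob("log4j-core*.jar")):
        ver = jar_version(jar)
        status = "UNKNOWN" if ver is None else ("OK" if ver >= minimum else "BELOW")
        results.append((str(jar), ver, status))
    return results


if __name__ == "__main__":
    # Usage: python check_log4j.py <install-dir> "<key from FIXED>"
    hits = scan(sys.argv[1], FIXED[sys.argv[2]])
    for path, ver, status in hits:
        print(f"{status:8} {'.'.join(map(str, ver)) if ver else '?':8} {path}")
    sys.exit(1 if any(s != "OK" for _, _, s in hits) else 0)
```

The script exits non-zero when any jar is below the required level or its version cannot be determined, so it can gate a post-patch verification step.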

Additional Information

Apache Log4J Vulnerability Update
  • https://www.tibco.com/support/notices/2021/12/apache-log4j-vulnerability-update

KB 000045606 Apache Log4J Vulnerability and Impact to TIBCO Products and Services
  • https://support.tibco.com/s/article/Apache-Log4J-Vulnerability-and-Impact-to-TIBCO-Products-and-Services