TIBCO Offer and Price Engine Resolution and Mitigation for the Apache Commons Text (Text4Shell) Vulnerability

Article ID: KB0071839

Product: TIBCO Offer and Price Engine
Versions: 5.0.0, 5.1.0

Description

TIBCO is aware of the recently announced Apache Commons Text vulnerability (CVE-2022-42889), referred to as “Text4Shell”.

For more information about the general TIBCO investigation into this, please refer to Apache Commons Text Vulnerability & JXPath.

This article provides additional information on how TIBCO Offer and Price Engine in particular is affected.

Environment

All

Resolution

As an immediate fix to mitigate this issue, users can follow these steps:

  • Back up commons-text-1.6.jar from the directory ope/5.1/roles/ope/standalone/lib
  • Stop the ope-core and shoppingcart services
  • Delete commons-text-1.6.jar from ope/5.1/roles/ope/standalone/lib and ope/5.1/roles/shoppingcart/standalone/lib
  • Restart the ope-core and shoppingcart services
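
The backup and delete steps above as a shell sketch, with a check that no affected copy remains afterwards. This is an added example, not TIBCO's script. The install root and backup directory arguments are assumptions, the backup is taken from both lib directories rather than only the first, and the 1.5 to 1.9 version range in the check comes from the Apache advisory for CVE-2022-42889 (fixed in 1.10.0), not from this article. Stopping and restarting the services is site-specific and is left to the operator.

```shell
#!/bin/sh
# Added example (not TIBCO code). Run between stopping and restarting the
# ope-core and shoppingcart services. Arguments are assumptions:
#   $1 = directory that contains the ope/ tree, $2 = backup directory outside it.

JAR=commons-text-1.6.jar
LIB_DIRS="ope/5.1/roles/ope/standalone/lib ope/5.1/roles/shoppingcart/standalone/lib"

# Copy each jar into the backup directory (keeping its relative path),
# verify the copy, then delete the original.
remove_commons_text() {
    ope_home=$1
    backup_dir=$2
    for d in $LIB_DIRS; do
        src="$ope_home/$d/$JAR"
        [ -f "$src" ] || continue                  # already removed here
        mkdir -p "$backup_dir/$d" || return 1
        cp -p "$src" "$backup_dir/$d/" || return 1
        # Delete only once the backup is byte-identical to the original
        cmp -s "$src" "$backup_dir/$d/$JAR" || return 1
        rm -f "$src" || return 1
    done
}

# List commons-text jars in the affected range (1.5 to 1.9) still present
# anywhere under the install root. Returns 0 when none remain, 1 otherwise.
# Jars nested inside other archives are not inspected.
remaining_vulnerable_jars() {
    found=$(find "$1" -type f -name 'commons-text-1.[5-9].jar' 2>/dev/null) || true
    [ -z "$found" ] && return 0
    printf '%s\n' "$found"
    return 1
}

# Stand-alone use: sh script.sh <install-root> <backup-dir>
if [ "$#" -eq 2 ]; then
    remove_commons_text "$1" "$2" || { echo "backup/delete failed" >&2; exit 1; }
    remaining_vulnerable_jars "$1" || { echo "affected jars remain" >&2; exit 1; }
    echo "commons-text removed; backups in $2"
fi
```

Keep the backup directory outside the install root, otherwise the verification step reports the backup copies as remaining jars.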

Issue/Introduction

This article contains resolution and mitigation steps for the Apache Commons Text vulnerability (CVE-2022-42889) in the TIBCO Offer and Price Engine.

Additional Information

TIBCO Public Notice about Apache Commons Text Vulnerability & JXPath - https://www.tibco.com/support/notices/2022/10/apache-commons-text-vulnerability-jxpath