Products | Versions |
---|---|
TIBCO Offer and Price Engine | 5.0.0, 5.1.0 |
TIBCO is aware of the recently announced Apache Commons Text vulnerability (CVE-2022-42889), referred to as “Text4Shell”.
For more information about the general TIBCO investigation into this, please refer to Apache Commons Text Vulnerability & JXPath.
This article provides additional information on how TIBCO Offer and Price Engine in particular are affected.
As an immediate fix to mitigate this issue, users can follow these steps:
TIBCO Public Notice about Apache Commons Text Vulnerability & JXPath - https://www.tibco.com/support/notices/2022/10/apache-commons-text-vulnerability-jxpath