TIBCO Omni-Gen Hotfixes to Remediate CVE-2022-29464

book

Article ID: KB0072340

calendar_today

Updated On:

Products	Versions
ibi Omni	3.x and 4.x releases
ibi Omni-Gen MDM	3.x and 4.x releases
TIBCO Omni-Gen DQ Server	3.x and 4.x releases

Description

TIBCO is aware of the recently announced WSO2 vulnerability (CVE-2022-29464). This vulnerability potentially allows unrestricted file upload with resultant remote code execution.

Environment

These hotfixes apply to the TIBCO Omni-Gen product suite for the versions listed on all supported platforms.

Resolution

These hotfixes can be downloaded from the TIBCO Support Customer Portal Web User Interface, using your username and password for the TIBCO Support Web.

Once logged in, select Hotfixes from the Downloads menu. Navigate to the hotfix location: AvailableDownloads/ibi. Then select the applicable product(s) and release(s):

For 3.x releases, navigate to 3.16 and select HF-007.
For 4.1 releases, navigate to 4.1 and select HF-004.

Issue/Introduction

These hotfixes address CVE-2022-29464, the remote code execution vulnerability in WSO2.

Additional Information

CVE-2022-29464

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-29464

WSO2 Advisory

https://docs.wso2.com/display/Security/Security+Advisory+WSO2-2021-1738

Attachments

TIBCO Omni-Gen Hotfixes to Remediate CVE-2022-29464 get_app

Feedback

thumb_up Yes

thumb_down No

Welcome to "KB Articles"