The hotfix V140HF03 addresses the following Apache Log4J vulnerabilities- CVE-2021-44228 and CVE-2021-45046. Note that Statistica service for Spotfire is unaffected by CVE-2021-45105

 

The hotfix V140HF03 addresses the following Apache Log4J vulnerabilities- CVE-2021-44228 and CVE-2021-45046.

TIBCO Statistica (a.k.a TIBCO Data Science Workbench) customers will be able to download the hotfix V14HF03.zip from the TIBCO Customer Support Portal Web UI using their Support portal credentials. Once logged on they can find the hotfixes under the Downloads Menu and navigating to : Available Downloads>>Statistica >>14.0>>HF03

Once the zip file is extracted, note that the hot-fix is packaged for Spotfire 10.10(V140HF03-Spotfire1010.zip) and Spotfire 11.4 and later versions (V140HF03-Spotfire114.zip). Extract and deploy the hot-fix that is applicable to your Spotfire Server version.

Direct download link: https://support.tibco.com/s/hotfixes?id=a014z00000yTs95AAC

For instructions on how TIBCO customers can download the hotfixes / access all GA hotfixes , refer to Article 000022290 : https://support.tibco.com/s/article/hotfix

For a summary of the updates included and instructions to deploy the fix, refer to the readme file included in the hotfix zip archive.

Refer to TIBCO's Apache log4j vulnerability update 
Refer to TIBCO Statistica Service for TIBCO Spotfire Mitigation for Log4J Vulnerabilities