QID 376390

QID 376390: TIBCO BusinessEvents Log4j Vulnerability

TIBCO BusinessEvents allows abstraction and correlation of information which helps organizations to detect unusual activities as well as recognize other trends and patterns.

TIBCO BusinessEvents is vulnerable to Apache Log4j vulnerability

Affected Version:
TIBCO BusinessEvents Enterprise Edition 6.0.0, 6.1.0, 6.1.1, 6.2.0

QID Detection Logic (authenticated):
Operating System: Linux
The QID checks for BusinessEvents installations via Tibco Product Installation files found under TIBCO_HOME.

Note: This QID does not checks for workaround.

An attacker who successfully exploited this vulnerability can compromise confidentiality, integrity and availability of the system

  • CVSS V3 rated as Critical - 10 severity.
  • CVSS V2 rated as Critical - 9.3 severity.
  • Solution

    Update to the latest version of TIBCO BusinessEvents

    Vendor References

    CVEs related to QID 376390

    Software Advisories
    Advisory ID Software Component Link
    TIBCO-BusinessEvents-Mitigation-for-CVE-2021-44228-Log4Shell URL Logo support.tibco.com/s/article/TIBCO-BusinessEvents-Mitigation-for-CVE-2021-44228-Log4Shell