Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2014-2542

Overview

Vulnerability Score 4.3 4.3
CVE Id CVE-2014-2542
Last Modified 11 Aug 2015 10:39:53
Published 08 Apr 2014 07:47:28
Confidentiality Impact NONE NONE
Integrity Impact PARTIAL PARTIAL
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2014-2542

Summary

Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Vulnerable Systems

Application

  • Tibco Rendezvous 7.4.11

  • Tibco Rendezvous 7.5.1

  • Tibco Rendezvous 7.5.2

  • Tibco Rendezvous 7.5.3

  • Tibco Rendezvous 7.5.4

  • Tibco Rendezvous 8.10

  • Tibco Rendezvous 8.2.1

  • Tibco Rendezvous 8.3.0

  • Tibco Rendezvous 8.3.1

  • Tibco Rendezvous 8.4.1

  • Tibco Substantiation Es 2.8.0


References

CONFIRM - http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt

CONFIRM - http://www.tibco.com/mk/advisory.jsp

BID - 66737

SECTRACK - 1030070


Last Updated: 27 May 2016 11:04:53