CVE-2014-2542: XSS
First published: Tue Apr 08 2014(Updated: )
Cross-site scripting (XSS) vulnerability in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| TIBCO Rendezvous | <=8.4.1 | |
| TIBCO Rendezvous | =7.4.11 | |
| TIBCO Rendezvous | =7.5.1 | |
| TIBCO Rendezvous | =7.5.2 | |
| TIBCO Rendezvous | =7.5.3 | |
| TIBCO Rendezvous | =7.5.4 | |
| TIBCO Rendezvous | =8.2.1 | |
| TIBCO Rendezvous | =8.3.0 | |
| TIBCO Rendezvous | =8.3.1 | |
| TIBCO Rendezvous | =8.10 | |
| TIBCO Substation ES | <=2.8.0 | |
| Tibco Messaging Appliance | <=8.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-2542?
CVE-2014-2542 has been assigned a medium severity rating due to its potential for cross-site scripting attacks.
How do I fix CVE-2014-2542?
To mitigate CVE-2014-2542, you should upgrade to TIBCO Rendezvous version 8.4.2 or later, Messaging Appliance version 8.7.1 or later, or Substation ES version 2.8.1 or later.
What software is affected by CVE-2014-2542?
CVE-2014-2542 affects TIBCO Rendezvous versions up to 8.4.1, Messaging Appliance versions up to 8.7.0, and Substation ES versions up to 2.8.0.
What are the potential consequences of CVE-2014-2542 exploitation?
Exploitation of CVE-2014-2542 could allow attackers to execute arbitrary scripts in the context of the user's browser, potentially compromising sensitive information.
Is there a workaround for CVE-2014-2542?
There is no official workaround for CVE-2014-2542; the best course of action is to upgrade to a fixed version.
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/severity
- agent/last-modified-date
- agent/author
- agent/references
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/tibco
- canonical/tibco rendezvous
- version/tibco rendezvous/8.4.1
- version/tibco rendezvous/7.4.11
- version/tibco rendezvous/7.5.1
- version/tibco rendezvous/7.5.2
- version/tibco rendezvous/7.5.3
- version/tibco rendezvous/7.5.4
- version/tibco rendezvous/8.2.1
- version/tibco rendezvous/8.3.0
- version/tibco rendezvous/8.3.1
- version/tibco rendezvous/8.10
- canonical/tibco substation es
- version/tibco substation es/2.8.0
- canonical/tibco messaging appliance
- version/tibco messaging appliance/8.7.0