CVE-2014-2542

Name of the Vulnerable Software and Affected Versions TIBCO Rendezvous versions prior to 8.4.2 TIBCO Messaging Appliance versions prior to 8.7.1 TIBCO Substation ES versions prior to 2.8.1

Description A cross-site scripting (XSS) issue exists, allowing remote attackers to inject arbitrary web script or HTML. This can be achieved via unspecified vectors in the Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd).

Recommendations For TIBCO Rendezvous versions prior to 8.4.2, update to version 8.4.2 or later. For TIBCO Messaging Appliance versions prior to 8.7.1, update to version 8.7.1 or later. For TIBCO Substation ES versions prior to 2.8.1, update to version 2.8.1 or later.