Cross-Site Scripting Vulnerability in TIBCO Rendezvous and Messaging Appliance
CVE-2014-2542

Currently unrated

Key Information:

Vendor: Tibco
Status: Rendezvous; Messaging Appliance; Substantiation Es
Vendor: CVE Published:; 8 April 2014

Summary

The vulnerability allows remote attackers to execute arbitrary web scripts or HTML through various vectors in multiple TIBCO products, including Rendezvous, Messaging Appliance, and Substation ES. This flaw could potentially lead to data theft, session hijacking, or other malicious activities aimed at users interacting with affected systems.

References

http://www.securityfocus.com/bid/66737

vdb-entryx_refsource_BID

http://www.tibco.com/multimedia/rendezvous_advisory_20140...

x_refsource_CONFIRM

http://www.tibco.com/mk/advisory.jsp

x_refsource_CONFIRM

Timeline

Vulnerability published
Apr 8, 2014
Vulnerability Reserved
Mar 18, 2014