CVE-2014-2541
TIBCO Rendezvous < 8.4.2 - Unauthenticated Information Disclosure and Data Modification
Title source: llmDescription
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://www.tibco.com/multimedia/rendezvous_advisory_20140408_tcm8-20763.txt
Vendor Advisory x_refsource_confirm
http://www.tibco.com/mk/advisory.jsp
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1030070
Scores
EPSS
0.0031
EPSS Percentile
54.0%
Details
CWE
CWE-264
Status
published
Products (12)
tibco/messaging_appliance
< 8.7.0
tibco/rendezvous
7.4.11
tibco/rendezvous
7.5.1
tibco/rendezvous
7.5.2
tibco/rendezvous
7.5.3
tibco/rendezvous
7.5.4
tibco/rendezvous
8.2.1
tibco/rendezvous
8.3.0
tibco/rendezvous
8.3.1
tibco/rendezvous
8.10
... and 2 more
Published
Apr 08, 2014
Tracked Since
Feb 18, 2026