Skip to main content

Spotfire Spotfire Enterprise Runtime CVE-2024-3331

MEDIUM
Incorrect Authorization (CWE-863)
2024-06-27 security@tibco.com
6.8
CVSS 3.1 · Vendor: tibco
Share

Severity by source

Vendor (tibco) PRIMARY
6.8 MEDIUM
AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Primary rating from Vendor (tibco) · only source for this CVE.

CVSS VectorVendor: tibco

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
Required
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
Jun 27, 2024 - 19:15 cve.org
MEDIUM 6.8

DescriptionCVE.org

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0.

AnalysisAI

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Incorrect Authorization (CWE-863), which allows attackers to bypass authorization checks to access restricted resources. Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0. Version information: through 1.20.0.

Affected ProductsAI

See vendor advisory for affected versions.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and test authorization logic, implement consistent access control checks, use centralized authorization framework.

Share

CVE-2024-3331 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy