Spotfire Enterprise
Monthly
Information disclosure with integrity impact in the Spotfire Server modules of Spotfire Enterprise, Spotfire Enterprise with External Consumers, and Spotfire on Kubernetes allows a remote, unauthenticated attacker to obtain sensitive data and alter server-side state once a victim is lured into a passive interaction (UI:P), such as opening a crafted link or analysis. The CVSS 4.0 base score is 8.7 (High) with high confidentiality and integrity impact and low availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS was not provided.
Information disclosure with integrity impact in the Spotfire Server modules of Spotfire Enterprise, Spotfire Enterprise with External Consumers, and Spotfire on Kubernetes allows a remote, unauthenticated attacker to obtain sensitive data and alter server-side state once a victim is lured into a passive interaction (UI:P), such as opening a crafted link or analysis. The CVSS 4.0 base score is 8.7 (High) with high confidentiality and integrity impact and low availability impact. There is no public exploit identified at time of analysis and it is not listed in CISA KEV; EPSS was not provided.