CVE-2024-3331

Summary

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0.

Affected Software

VendorProductVersion RangeStatus
SpotfireSpotfire Enterprise Runtime for R - Server Edition1.12.7 <= 1.20.0affected
SpotfireSpotfire Statistics Services12.0.7 <= 12.3.1affected
SpotfireSpotfire Statistics Services14.0.0 <= 14.3.0affected
SpotfireSpotfire Analyst12.0.9 <= 12.5.0affected
SpotfireSpotfire Analyst14.0.0 <= 14.3.0affected
SpotfireSpotfire Desktop14.0 <= 14.3.0affected
SpotfireSpotfire Server12.0.10 <= 12.5.0affected
SpotfireSpotfire Server14.0.0 <= 14.3.0affected

Weaknesses

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References