Spotfire Remote Code Execution Vulnerability
CVE-2024-3330
What is CVE-2024-3330?
The vulnerability in TIBCO Software's Spotfire suite poses significant risks by allowing an attacker to execute arbitrary code under specific conditions. For the installed Windows client, the exploitation requires user interaction, allowing the attacker to leverage this interaction to gain control over the system. In the case of the Web Player utilized by Business Authors, an attacker can execute arbitrary code with the privileges of the Web player process. Additionally, Automation Services are impacted, enabling arbitrary code execution through crafted requests. This vulnerability affects multiple versions of Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace, emphasizing the necessity for users to adopt appropriate security measures.
Affected Version(s)
Spotfire Analyst 12.0.9 <= 12.5.0
Spotfire Analyst 14.0 <= 14.0.2
Spotfire for AWS Marketplace 14.0 < 14.3.0
