Privilege Escalation Vulnerability in Spotfire Products by TIBCO Software Inc.
CVE-2024-3331

6.8MEDIUM

What is CVE-2024-3331?

A vulnerability exists in multiple Spotfire products that could allow users to gain higher privileges depending on the user's access level. This issue affects several versions of Spotfire’s runtime, statistics services, analyst tools, desktop applications, and servers. The specific impact hinges on the privileges of the user operating the affected software, making it crucial for organizations using Spotfire solutions to assess their exposure and apply necessary updates.

Affected Version(s)

Spotfire Analyst 12.0.9 <= 12.5.0

Spotfire Analyst 14.0.0 <= 14.3.0

Spotfire Desktop 14.0 <= 14.3.0

References

CVSS V3.1

Score:
6.8
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

.