PT-2024-25200 · Tibco · Spotfire Analyst
Published: 2024-06-27 · Updated: 2024-06-27
CVE-2024-3331
CVSS v3.1: 6.8 (Medium)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Spotfire Enterprise Runtime for R - Server Edition versions 1.12.7 through 1.20.0
Spotfire Statistics Services versions 12.0.7 through 12.3.1
Spotfire Statistics Services versions 14.0.0 through 14.3.0
Spotfire Analyst versions 12.0.9 through 12.5.0
Spotfire Analyst versions 14.0.0 through 14.3.0
Spotfire Desktop versions 14.0 through 14.3.0
Spotfire Server versions 12.0.10 through 12.5.0
Spotfire Server versions 14.0.0 through 14.3.0
Description
The issue affects the privileges of the user running the affected software, with the impact depending on these privileges.
Recommendations
For Spotfire Enterprise Runtime for R - Server Edition versions 1.12.7 through 1.20.0, update to a version outside of this range.
For Spotfire Statistics Services versions 12.0.7 through 12.3.1, update to a version outside of this range.
For Spotfire Statistics Services versions 14.0.0 through 14.3.0, update to a version outside of this range.
For Spotfire Analyst versions 12.0.9 through 12.5.0, update to a version outside of this range.
For Spotfire Analyst versions 14.0.0 through 14.3.0, update to a version outside of this range.
For Spotfire Desktop versions 14.0 through 14.3.0, update to a version outside of this range.
For Spotfire Server versions 12.0.10 through 12.5.0, update to a version outside of this range.
For Spotfire Server versions 14.0.0 through 14.3.0, update to a version outside of this range.
Fix
Incorrect Authorization
Weakness Enumeration
Related Identifiers
Affected Products
Spotfire Analyst
Spotfire Desktop
Spotfire Enterprise Runtime For R - Server Edition
Spotfire Server
Spotfire Statistics Services