CVE-2024-3331
MEDIUM
Spotfire Enterprise Runtime for R - Server Edition 1.12.7-1.20.0 - Incorrect Authorization
Title source: llm
Description
Vulnerability in Spotfire Enterprise Runtime for R - Server Edition, Spotfire Statistics Services, Spotfire Analyst, Spotfire Desktop, and Spotfire Server. The impact of this vulnerability depends on the privileges of the user running the affected software. This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0.
Scores
CVSS v3: 6.8
EPSS: 0.0038
EPSS Percentile: 29.7%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: none
Automatable: no
Technical Impact: partial
Details
CWE: CWE-863
Status: published
Products (8)
Spotfire/Spotfire Analyst: 12.0.9 - 12.5.0
Spotfire/Spotfire Analyst: 14.0.0 - 14.3.0
Spotfire/Spotfire Desktop: 14.0 - 14.3.0
Spotfire/Spotfire Enterprise Runtime for R - Server Edition: 1.12.7 - 1.20.0
Spotfire/Spotfire Server: 12.0.10 - 12.5.0
Spotfire/Spotfire Server: 14.0.0 - 14.3.0
Spotfire/Spotfire Statistics Services: 12.0.7 - 12.3.1
Spotfire/Spotfire Statistics Services: 14.0.0 - 14.3.0
Published: Jun 27, 2024
Tracked Since: Feb 18, 2026