Security Advisory

Spotfire Family Security Update Advisory (CVE-2024-3330)

  • Jul 03 2024

Overview

 

An update has been released to fix vulnerabilities in the Spotfire family of products. Users of affected versions are advised to update to the latest version.

 

Affected Products

 

  • Spotfire Analyst versions: ~ 12.0.9 (inclusive)
  • Spotfire Analyst versions: 12.1.0 (inclusive) ~ 12.5.0 (inclusive), 14.0.0 (inclusive) ~ 14.0.2 (inclusive)
  • Spotfire Analyst versions: 14.1.0 (inclusive) ~ 14.3.0 (inclusive)
  • Spotfire Server versions: ~ 12.0.10 (inclusive)
  • Spotfire Server versions: 12.1.0 (inclusive) ~ 12.5.0 (inclusive), 14.0.0 (inclusive) ~ 14.0.3 (inclusive)
  • Spotfire Server versions: 14.2.0 (inclusive) ~ 14.3.0 (inclusive)
  • Spotfire AWS Marketplace versions: ~ 14.3.0 (inclusive)

     

Resolved Vulnerabilities

Vulnerability in the Analyst file handling functionality in Spotfire Client that allows attackers with low privileges to create malicious files, resulting in remote code execution

 

Vulnerability Patches

 

  • Spotfire Analyst: 12.0.10 and above versions
  • Spotfire Analyst: 14.0.3 and above versions
  • Spotfire Analyst: 14.4.0 and above versions
  • Spotfire Server: 12.0.11 and above versions
  • Spotfire Server: 14.0.4 and above versions
  • Spotfire Server: 14.4.0 version
  • Spotfire AWS Marketplace: 14.4.0 and above versions

 

Referenced Sites

 

[1] CVE-2024-3330 Detail

https://nvd.nist.gov/vuln/detail/CVE-2024-3330

[2] Spotfire Security Advisory: June 26,2024: Spotfire – CVE-2024-3330

https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3330-r3435/

Tags:

Previous Post

Next Post