CVE-2024-3331— Spotfire: NTLM token leakage
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-3331
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Spotfire: NTLM token leakage
Source: NVD (National Vulnerability Database)
Vulnerability Description
Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
TIBCO Software 多款产品安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
TIBCO Software Spotfire Server等都是美国TIBCO Software公司的产品。TIBCO Software Spotfire Server是一套基于TIBCO Spotfire(数据分析和挖掘工具)的为企业提供整合、运行和管理的平台。TIBCO Software Spotfire Statistics Services是一款基于TERR引擎(或其它引擎)的综合统计和数据算法库。TIBCO Software Spotfire Analyst是一款应用程序。 TIBCO Sof
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| Spotfire | Spotfire Enterprise Runtime for R - Server Edition | 1.12.7 ~ 1.20.0 | - | |
| Spotfire | Spotfire Statistics Services | 12.0.7 ~ 12.3.1 | - | |
| Spotfire | Spotfire Analyst | 12.0.9 ~ 12.5.0 | - | |
| Spotfire | Spotfire Desktop | 14.0 ~ 14.3.0 | - | |
| Spotfire | Spotfire Server | 12.0.10 ~ 12.5.0 | - |
II. Public POCs for CVE-2024-3331
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-3331
请登录查看更多情报信息。
IV. Related Vulnerabilities
V. Comments for CVE-2024-3331
No comments yet