CVE-2024-3330
📋 TL;DR
This vulnerability allows attackers to execute arbitrary code in Spotfire products. It affects Spotfire Analyst (Windows client requiring user interaction), Spotfire Web Player (runs as service account), and Spotfire Automation Services. The vulnerability impacts multiple versions across Spotfire 12.x and 14.x.
💻 Affected Systems
- Spotfire Analyst
- Spotfire Server
- Spotfire for AWS Marketplace
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with attacker gaining full control over affected systems, potentially leading to data theft, ransomware deployment, or lateral movement across the network.
Likely Case
Attacker gains code execution with the privileges of the running process (user account for Analyst, service account for Web Player/Automation Services), enabling data access and further exploitation.
If Mitigated
With proper network segmentation and least privilege, impact limited to isolated segments with minimal critical data exposure.
🎯 Exploit Status
Exploitation requires user interaction for Analyst client but is unauthenticated for Web Player and Automation Services. The high CVSS score suggests relatively straightforward exploitation.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Spotfire Analyst: 12.5.1 or 14.0.3; Spotfire Server: 12.5.1, 14.0.4, or 14.3.1; Spotfire for AWS Marketplace: 14.3.1
Vendor Advisory: https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3330-r3435/
Restart Required: Yes
Instructions:
1. Download patches from the TIBCO support portal.
2. Apply patches to the affected components.
3. Restart services.
4. Verify the version updates.
🔧 Temporary Workarounds
Network Segmentation
Isolate Spotfire components from the internet and restrict internal network access
Service Account Hardening
Run Web Player and Automation Services with minimal privileges
🧯 If You Can't Patch
- Immediately isolate affected systems from internet and restrict network access
- Implement application whitelisting to prevent execution of unauthorized code
🔍 How to Verify
Check if Vulnerable:
Check Spotfire version against affected ranges. For Analyst: Help > About. For Server: Admin console or installation logs.
Check Version:
Spotfire Analyst: Check Help > About dialog. Spotfire Server: Check admin console or installation directory version files.
Verify Fix Applied:
Verify version is updated to patched versions: Analyst 12.5.1+, 14.0.3+; Server 12.5.1+, 14.0.4+, 14.3.1+; AWS Marketplace 14.3.1+.
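An added example (not part of this advisory page or the vendor's tooling) that turns the patch versions listed above into a check you can run over an inventory. It compares an installed build only against the fix version on its own major.minor branch; branches the advisory does not list come back as "unknown" so they get the manual review recommended above instead of a false "fixed" verdict. Product names, the host inventory and the version strings are constructed for the example.

```python
# Added example: classify installed Spotfire builds against the
# CVE-2024-3330 fix levels given in the vendor advisory.

# Patched versions exactly as the advisory lists them, keyed by product.
FIXED_VERSIONS = {
    "Spotfire Analyst": ["12.5.1", "14.0.3"],
    "Spotfire Server": ["12.5.1", "14.0.4", "14.3.1"],
    "Spotfire for AWS Marketplace": ["14.3.1"],
}


def parse_version(text: str) -> tuple:
    """Turn '14.0.3' into (14, 0, 3). A build suffix such as '-hf1' is dropped."""
    core = text.strip().split("-")[0]
    parts = []
    for piece in core.split("."):
        if not piece.isdigit():
            raise ValueError(f"unparseable version: {text!r}")
        parts.append(int(piece))
    return tuple(parts)


def fix_status(product: str, installed: str) -> str:
    """
    Return 'fixed', 'vulnerable' or 'unknown'.

    Only the fix version on the same major.minor branch (e.g. 14.0.x) is
    authoritative; other branches cannot be judged from the advisory alone.
    """
    if product not in FIXED_VERSIONS:
        return "unknown"
    inst = parse_version(installed)
    for fixed in FIXED_VERSIONS[product]:
        fv = parse_version(fixed)
        if inst[:2] == fv[:2]:
            return "fixed" if inst >= fv else "vulnerable"
    return "unknown"


if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    inventory = [
        ("analyst-ws01", "Spotfire Analyst", "14.0.2"),
        ("sf-web01", "Spotfire Server", "14.3.1"),
        ("sf-web02", "Spotfire Server", "14.1.0"),
    ]
    for host, product, version in inventory:
        print(f"{host}: {product} {version} -> {fix_status(product, version)}")
```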
📡 Detection & Monitoring
Log Indicators:
- Unusual process execution from Spotfire components
- Suspicious network connections from Spotfire services
- Authentication anomalies
Network Indicators:
- Unexpected outbound connections from Spotfire servers
- Traffic to known malicious IPs from Spotfire components
SIEM Query:
source="spotfire*" AND (event_type="process_creation" OR event_type="network_connection") AND (process_name NOT IN allowed_processes OR dest_ip NOT IN allowed_ips)