CVE-2024-3330Execution with Unnecessary Privileges in FOR AWS Marketplace

CWE-250Execution with Unnecessary Privileges3 documents3 sources
Severity
9.9CRITICALNVD
EPSS
0.3%
top 44.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Spotfire FOR AWS MarketplaceSpotfire AnalystSpotfire Server
Timeline
PublishedJun 27

Description

Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Windows client: Successful execution of this vulnerability will result in an attacker being able to run arbitrary code.This requires human interaction from a person other than the attacker., In the case of the Web player (Business Author): Successful execution of this vulnerability via the Web Player, will result in the attacker being able to run arbitra

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:HExploitability: 3.1 | Impact: 6.0

Affected Packages3 packages

CVEListV5spotfire/spotfire_for_aws_marketplace14.014.3.0
CVEListV5spotfire/spotfire_server12.0.1012.5.0+2
CVEListV5spotfire/spotfire_analyst12.0.912.5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-65p7-vc93-6p69: Vulnerability in Spotfire Spotfire Analyst, Spotfire Spotfire Server, Spotfire Spotfire for AWS Marketplace allows In the case of the installed Window2024-06-27
CVEList
Spotfire Remote Code Execution Vulnerability2024-06-27
CVE-2024-3330 — Execution with Unnecessary Privileges | cvebase