CVE-2024-3331

MEDIUM 6.8

Spotfire: NTLM token leakage

CVSS Score

6.8

EPSS Score

0.0%

EPSS Percentile

0th

Vulnerability in Spotfire Spotfire Enterprise Runtime for R - Server Edition, Spotfire Spotfire Statistics Services, Spotfire Spotfire Analyst, Spotfire Spotfire Desktop, Spotfire Spotfire Server allows The impact of this vulnerability depends on the privileges of the user running the affected software..This issue affects Spotfire Enterprise Runtime for R - Server Edition: from 1.12.7 through 1.20.0; Spotfire Statistics Services: from 12.0.7 through 12.3.1, from 14.0.0 through 14.3.0; Spotfire Analyst: from 12.0.9 through 12.5.0, from 14.0.0 through 14.3.0; Spotfire Desktop: from 14.0 through 14.3.0; Spotfire Server: from 12.0.10 through 12.5.0, from 14.0.0 through 14.3.0.

Vendor	spotfire
Product	spotfire enterprise runtime for r - server edition
Published	Jun 27, 2024
Last Updated	Mar 2, 2026

Stay Ahead of the Next One

Get instant alerts for spotfire spotfire enterprise runtime for r - server edition

Be the first to know when new medium vulnerabilities affecting spotfire spotfire enterprise runtime for r - server edition are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

Required

Scope

Changed

Confidentiality

High

Integrity

None

Availability

None

Affected Versions

Spotfire / Spotfire Enterprise Runtime for R - Server Edition

1.12.7 ≤ 1.20.0

Spotfire / Spotfire Statistics Services

12.0.7 ≤ 12.3.1 14.0.0 ≤ 14.3.0

Spotfire / Spotfire Analyst

12.0.9 ≤ 12.5.0 14.0.0 ≤ 14.3.0

Spotfire / Spotfire Desktop

14.0 ≤ 14.3.0

Spotfire / Spotfire Server

12.0.10 ≤ 12.5.0 14.0.0 ≤ 14.3.0

References

NVD ↗ CVE.org ↗ EPSS Data ↗

community.spotfire.com: https://community.spotfire.com/articles/spotfire/spotfire-security-advisory-june-262024-spotfire-cve-2024-3331-r3436/