CVSS 3.1 Score 9.9 of 10 (high)


Published Jun 27, 2024


CVE-2024-3330 is a critical vulnerability that affects multiple products from Spotfire, including Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace. The vulnerability allows an attacker to execute arbitrary code on the affected systems. In the case of the installed Windows client, the attacker requires human interaction from a person other than themselves. For the Web player (Business Author), successful execution of the vulnerability allows the attacker to run arbitrary code using the account running the Web player process. Automation Services are also vulnerable to this exploit. The impacted versions vary for each product, but generally range from 12.0.9 through 14.3.0. This vulnerability poses a high risk to organizations as it can lead to unauthorized access and potential compromise of sensitive data. It is recommended to apply any available security patches or updates provided by Spotfire to remediate this issue promptly.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.


Prioritize, Pinpoint, and Act to Prevent Vulnerability Exploits with Recorded Future

Note: This is just a basic overview providing quick insights into CVE-2024-3330 information. Gain full access to comprehensive CVE data, third party vulnerabilities, compromised credentials and more with Recorded Future
  • Gain complete coverage of your cyber, third party, and physical attack surface
  • Proactively mitigate threats before they turn into costly attacks
  • Make fast, effective, data-driven decisions