CVE-2024-3330: Critical Vulnerability in Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace with Potential for Arbitrary Code Execution

A critical vulnerability (CVE-2024-3330) has been discovered in TIBCO's Spotfire product suite, including Spotfire Analyst, Spotfire Server, and Spotfire for AWS Marketplace. Successful exploitation of this vulnerability can result in an attacker being able to run arbitrary code with varying degrees of severity depending on the affected component. The affected versions of Spotfire include:

Exploit Details

The vulnerability in question has different impacts depending on which component is being exploited.

In the case of the installed Windows client in Spotfire Analyst

Successful execution of this vulnerability requires human interaction from a person other than the attacker. The attacker can run arbitrary code on the affected machine, potentially gaining unauthorized access or compromising sensitive data. It should be noted that the code will run with the same privileges as the user running the Spotfire Analyst application.

In the case of the Web Player (Business Author) within Spotfire Server

Successful execution of this vulnerability via the Web Player will allow the attacker to run arbitrary code as the account running the Web player process. This could potentially lead to a compromise of the entire server or unauthorized access to sensitive information.

In the case of Automation Services

Successful execution of this vulnerability enables the attacker to run arbitrary code via Automation Services. This is particularly concerning as it could provide unauthorized access to sensitive data or the ability to perform actions without proper authorization.

Below is a sample exploit code that demonstrates the vulnerability

# Exploit Title: CVE-2024-3330 - Spotfire Arbitrary Code Execution
# Exploit Author: Anonymous
# Version: Spotfire Analyst 12..9 - 12.5., 14. - 14..2; Spotfire Server 12..10 - 12.5., 14. - 14..3, 14.2. - 14.3.; Spotfire for AWS Marketplace 14. - 14.3.

import requests

payload = {
  "exploit": "ARBITRARY CODE HERE"
}

url = "http://target.tld/spotfire/endpoint";
response = requests.post(url, json=payload)

if response.status_code == 200:
  print("Exploit successful")
else:
  print("Exploit failed")

For more information about this vulnerability, please refer to the following resources

- CVE Details
- TIBCO Security Advisory

Recommendations and Mitigation

It is highly recommended that users running affected versions of Spotfire Analyst, Spotfire Server, or Spotfire for AWS Marketplace update their systems to the latest versions to address this vulnerability.

In addition to applying the necessary patches, users should also follow best practices in securing their Spotfire environments, such as:

Conclusion

The discovery of this critical vulnerability in Spotfire highlights the importance of securing your analytics platform and ensuring that your software is up-to-date. By staying informed about vulnerabilities like CVE-2024-3330 and applying the necessary security measures, you can protect your organization and its valuable data from potential attacks.

Timeline

Published on: 06/27/2024 19:15:14 UTC
Last modified on: 07/22/2024 20:02:22 UTC