Spotfire TERR code: NTLM token leakage
Original release date: June 26, 2024
Last revised: ---
CVE-2024-3331
Source: Cloud Software Group Inc.
Products Affected
Spotfire Enterprise Runtime for R (aka TERR) 4.5.0, 5.0.0, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.1.0, 6.1.1, 6.1.2
Products Embedding the Affected TERR Versions:
• Spotfire Enterprise Runtime for R - Server Edition 1.12.7 and earlier
• Spotfire Enterprise Runtime for R - Server Edition 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.17.1, 1.17.2, 1.17.3
• Spotfire Enterprise Runtime for R - Server Edition 1.18.0, 1.19.0, 1.20.0
• Spotfire Statistics Services 12.0.7 and earlier
• Spotfire Statistics Services 12.1.0, 12.2.0, 12.3.0, 12.3.1, 14.0.0, 14.0.1, 14.0.2, 14.0.3
• Spotfire Statistics Services 14.1.0, 14.2.0, 14.3.0
• Spotfire Analyst 12.0.9 and earlier
• Spotfire Analyst 12.1.0, 12.1.1, 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.0.1, 14.0.2
• Spotfire Analyst 14.1.0, 14.2.0, 14.3.0
• Spotfire Desktop 14.3.0 and earlier
• Spotfire Server 12.0.10 and earlier
• Spotfire Server 12.1.0, 12.1.1, 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.0.1, 14.0.2, 14.0.3
• Spotfire Server 14.1.0, 14.2.0, 14.3.0
• Spotfire for AWS Marketplace 14.3.0 and earlier
Description
In the TERR scripting environment, untrusted scripts are executed in a sandbox with limited permissions using the evalREX function call. However, a vulnerability exists where a specially crafted script can exploit this function to cause the user running the process to leak NTLM tokens to a server under the control of an attacker.
Impact
The impact of this vulnerability depends on the privileges of the user running the affected software.
CVSS v3 Base Score: 6.8 (Medium) (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N)
Solution:
Cloud Software Group has released updated versions of the affected systems which address this issue:
• Spotfire Enterprise Runtime for R (aka TERR) 4.5.0, 5.0.0, 5.1.0, 6.0.0, 6.0.1, 6.0.2, 6.0.3, 6.1.0, 6.1.1, 6.1.2: upgrade to version 6.1.3 or higher
• Spotfire Enterprise Runtime for R - Server Edition 1.12.7 and earlier: upgrade to version 1.12.8 or higher
• Spotfire Enterprise Runtime for R - Server Edition 1.13.0, 1.14.0, 1.15.0, 1.16.0, 1.17.0, 1.17.1, 1.17.2, 1.17.3: upgrade to version 1.17.4 or higher
• Spotfire Enterprise Runtime for R - Server Edition 1.18.0, 1.19.0, 1.20.0: upgrade to version 1.21.0 or higher
• Spotfire Statistics Services 12.0.7 and earlier: upgrade to version 12.0.8 or higher
• Spotfire Statistics Services 12.1.0, 12.2.0, 12.3.0, 12.3.1, 14.0.0, 14.0.1, 14.0.2, 14.0.3: upgrade to version 14.0.4 or higher
• Spotfire Statistics Services 14.1.0, 14.2.0, 14.3.0: upgrade to version 14.4.0 or higher
• Spotfire Analyst 12.0.9 and earlier: upgrade to version 12.0.10 or higher
• Spotfire Analyst 12.1.0, 12.1.1, 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.0.1, 14.0.2: upgrade to version 14.0.3 or higher
• Spotfire Analyst 14.1.0, 14.2.0, 14.3.0: upgrade to version 14.4.0 or higher
• Spotfire Desktop 14.3.0 and earlier: upgrade to version 14.4.0 or higher
• Spotfire Server 12.0.10 and earlier: upgrade to version 12.0.11 or higher
• Spotfire Server 12.1.0, 12.1.1, 12.2.0, 12.3.0, 12.4.0, 12.5.0, 14.0.0, 14.0.1, 14.0.2, 14.0.3: upgrade to version 14.0.4 or higher
• Spotfire Server 14.1.0, 14.2.0, 14.3.0: upgrade to version 14.4.0 or higher
• Spotfire for AWS Marketplace 14.3.0 and earlier: upgrade to version 14.4.0 or higher
References
https://community.spotfire.com/security-advisories/
CVE-2024-3331
Recommended Comments
There are no comments to display.