Loftware Spectrum vulnerabilities
7 known vulnerabilities affecting loftware/spectrum.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 4, HIGH 3
Vulnerabilities
CVE-2023-37226 | P2 | CRITICAL | CVSS 9.8 | fixed in 4.6 | v4.6 | 2024-09-10
CWE-287: Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.
Source: nvd
CVE-2023-37227 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.6 | v4.6 | 2024-09-10
CWE-502: Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.
Source: nvd
CVE-2023-37231 | P3 | CRITICAL | CVSS 9.8 | fixed in 4.6 | v4.6 | 2024-09-10
CWE-259: Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.
Source: nvd
CVE-2023-37234 | P3 | CRITICAL | CVSS 9.8 | ≤ 4.6 | 2024-09-10
CWE-284: Loftware Spectrum through 4.6 has unprotected JMX Registry.
Source: nvd
CVE-2023-37233 | P3 | HIGH | CVSS 8.8 | fixed in 4.6_hf14 | 2024-09-10
CWE-611: Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
Source: nvd
CVE-2023-37230 | P3 | HIGH | CVSS 8.8 | fixed in 5.1 | 2024-09-10
CWE-918: Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.
Source: nvd
CVE-2023-37232 | P3 | HIGH | CVSS 7.5 | ≤ 4.6 | 2024-09-10
CWE-200: Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor.
Source: nvd