Loftware Spectrum
8 CVEs affecting Loftware Spectrum. Latest disclosed: 2024-09-10. Critical: 4, High: 4.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-37234 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum through 4.6 has unprotected JMX Registry. |
CVE-2023-37231 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password. |
CVE-2023-37227 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data. |
CVE-2023-37226 | Critical | 9.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function. |
CVE-2023-37233 | High | 8.8 | 2024-09-10 | Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks. |
CVE-2023-37230 | High | 8.8 | 2024-09-10 | Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF. |
CVE-2023-37229 | High | 8.8 | 2024-09-10 | Loftware Spectrum before 5.1 allows SSRF. |
CVE-2023-37232 | High | 7.5 | 2024-09-10 | Loftware Spectrum through 4.6 exposes Sensitive Information (Logs) to an Unauthorized Actor. |