Lucene search
K
LoftwareSpectrum

8 matches found

CVE
CVE
added 2024/09/10 12:0 a.m.55 views

CVE-2023-37232

Loftware Spectrum (v4.6 and earlier) exposes sensitive information from logs to unauthorized actors. Documents consistently describe the issue as a disclosure of logs, impacting confidentiality (CVSSv3.1: HIGH, 7.5). The exact root cause, affected components, and remediation steps are not detaile...

7.5CVSS6.9AI score0.00382EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.53 views

CVE-2023-37234

Loftware Spectrum versions through 4.6 contain a security vulnerability due to an unprotected JMX Registry. Affected component: Loftware Spectrum (through 4.6). Reported impact includes exposure risks consistent with unprotected JMX access. The issue stems from the JMX Registry exposure; no explo...

9.8CVSS7AI score0.00399EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.48 views

CVE-2023-37229

CVE-2023-37229 concerns Loftware Spectrum and is described as a server-side request forgery (SSRF) vulnerability present in versions prior to 5.1. The Red Hat, NVD, CVE listings all reiterate that Loftware Spectrum before 5.1 is affected by SSRF. The PT-Security entry confirms the issue is SSRF a...

8.8CVSS7AI score0.00349EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.47 views

CVE-2023-37231

Loftware Spectrum is affected by a hard-coded password vulnerability in versions prior to 4.6 HF14. This issue enables unauthorized access due to credential hard-coding in HF14, with a CVSS v3.1 base score of 9.8 (CRITICAL). Impact includes confidentiality, integrity, and availability compromise....

9.8CVSS7AI score0.00516EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.46 views

CVE-2023-37230

Loftware Spectrum's testDeviceConnection vulnerability (CVE-2023-37230) is an SSRF issue in versions prior to 5.1. The CVSS 3.1 score is 8.8 (High) with network attack, no privileges, user interaction required, and impacts to confidentiality, integrity, and availability. The provided sources conf...

8.8CVSS7AI score0.00349EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.45 views

CVE-2023-37226

Loftware Spectrum pre-4.6 HF14 contains a Missing Authentication for a Critical Function vulnerability (CVE-2023-37226). Affected software: Loftware Spectrum prior to 4.6 HF14. Root cause: missing authentication for a critical function, enabling unauthorized access as indicated by CVSS 3.1 base m...

9.8CVSS7.1AI score0.00579EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.45 views

CVE-2023-37233

CVE-2023-37233 affects Loftware Spectrum prior to version 4.6 HF14. The issue is an authenticated XML External Entity (XXE) vulnerability in the product’s XML processing, leading to potential high-impact exposure per CVSS (Confidentiality, Integrity, Availability: HIGH). Connected documents confi...

8.8CVSS6.8AI score0.00445EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.43 views

CVE-2023-37227

Loftware Spectrum is affected by a deserialization vulnerability in versions before 4.6 HF13. The issue involves deserializing untrusted data and, per CVSS data in the initial records, could allow a network-exposed attacker to achieve high impact on confidentiality, integrity, and availability (b...

9.8CVSS7AI score0.00617EPSS