8 matches found
CVE-2023-37232
Loftware Spectrum (v4.6 and earlier) exposes sensitive information from logs to unauthorized actors. Documents consistently describe the issue as a disclosure of logs, impacting confidentiality (CVSSv3.1: HIGH, 7.5). The exact root cause, affected components, and remediation steps are not detaile...
CVE-2023-37234
Loftware Spectrum versions through 4.6 contain a security vulnerability due to an unprotected JMX Registry. Affected component: Loftware Spectrum (through 4.6). Reported impact includes exposure risks consistent with unprotected JMX access. The issue stems from the JMX Registry exposure; no explo...
CVE-2023-37229
CVE-2023-37229 concerns Loftware Spectrum and is described as a server-side request forgery (SSRF) vulnerability present in versions prior to 5.1. The Red Hat, NVD, CVE listings all reiterate that Loftware Spectrum before 5.1 is affected by SSRF. The PT-Security entry confirms the issue is SSRF a...
CVE-2023-37231
Loftware Spectrum is affected by a hard-coded password vulnerability in versions prior to 4.6 HF14. This issue enables unauthorized access due to credential hard-coding in HF14, with a CVSS v3.1 base score of 9.8 (CRITICAL). Impact includes confidentiality, integrity, and availability compromise....
CVE-2023-37230
Loftware Spectrum's testDeviceConnection vulnerability (CVE-2023-37230) is an SSRF issue in versions prior to 5.1. The CVSS 3.1 score is 8.8 (High) with network attack, no privileges, user interaction required, and impacts to confidentiality, integrity, and availability. The provided sources conf...
CVE-2023-37226
Loftware Spectrum pre-4.6 HF14 contains a Missing Authentication for a Critical Function vulnerability (CVE-2023-37226). Affected software: Loftware Spectrum prior to 4.6 HF14. Root cause: missing authentication for a critical function, enabling unauthorized access as indicated by CVSS 3.1 base m...
CVE-2023-37233
CVE-2023-37233 affects Loftware Spectrum prior to version 4.6 HF14. The issue is an authenticated XML External Entity (XXE) vulnerability in the product’s XML processing, leading to potential high-impact exposure per CVSS (Confidentiality, Integrity, Availability: HIGH). Connected documents confi...
CVE-2023-37227
Loftware Spectrum is affected by a deserialization vulnerability in versions before 4.6 HF13. The issue involves deserializing untrusted data and, per CVSS data in the initial records, could allow a network-exposed attacker to achieve high impact on confidentiality, integrity, and availability (b...