Lucene search
K

6 matches found

CVE
CVE
added 2024/09/10 12:0 a.m.48 views

CVE-2023-37229

CVE-2023-37229 concerns Loftware Spectrum and is described as a server-side request forgery (SSRF) vulnerability present in versions prior to 5.1. The Red Hat, NVD, CVE listings all reiterate that Loftware Spectrum before 5.1 is affected by SSRF. The PT-Security entry confirms the issue is SSRF a...

8.8CVSS7AI score0.00349EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.47 views

CVE-2023-37226

Loftware Spectrum pre-4.6 HF14 contains a Missing Authentication for a Critical Function vulnerability (CVE-2023-37226). Affected software: Loftware Spectrum prior to 4.6 HF14. Root cause: missing authentication for a critical function, enabling unauthorized access as indicated by CVSS 3.1 base m...

9.8CVSS7.1AI score0.00579EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.47 views

CVE-2023-37231

Loftware Spectrum is affected by a hard-coded password vulnerability in versions prior to 4.6 HF14. This issue enables unauthorized access due to credential hard-coding in HF14, with a CVSS v3.1 base score of 9.8 (CRITICAL). Impact includes confidentiality, integrity, and availability compromise....

9.8CVSS7AI score0.00516EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.46 views

CVE-2023-37230

Loftware Spectrum's testDeviceConnection vulnerability (CVE-2023-37230) is an SSRF issue in versions prior to 5.1. The CVSS 3.1 score is 8.8 (High) with network attack, no privileges, user interaction required, and impacts to confidentiality, integrity, and availability. The provided sources conf...

8.8CVSS7AI score0.00349EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.46 views

CVE-2023-37233

CVE-2023-37233 affects Loftware Spectrum prior to version 4.6 HF14. The issue is an authenticated XML External Entity (XXE) vulnerability in the product’s XML processing, leading to potential high-impact exposure per CVSS (Confidentiality, Integrity, Availability: HIGH). Connected documents confi...

8.8CVSS6.8AI score0.00445EPSS
CVE
CVE
added 2024/09/10 12:0 a.m.45 views

CVE-2023-37227

Loftware Spectrum is affected by a deserialization vulnerability in versions before 4.6 HF13. The issue involves deserializing untrusted data and, per CVSS data in the initial records, could allow a network-exposed attacker to achieve high impact on confidentiality, integrity, and availability (b...

9.8CVSS7AI score0.00617EPSS