CVE-2023-37226

Published: Sep 10, 2024Modified: May 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Loftware Spectrum before 4.6 HF14 has Missing Authentication for a Critical Function.

Affected (14)

Products: Loftware: Spectrum

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Loftware Spectrum	Before 4.6
Loftware Spectrum	Version 4.6
Loftware Spectrum	Version 4.6 feature_pack6
Loftware Spectrum	Version 4.6 hotfix10
Loftware Spectrum	Version 4.6 hotfix12
Loftware Spectrum	Version 4.6 hotfix13
Loftware Spectrum	Version 4.6 hotfix1
Loftware Spectrum	Version 4.6 hotfix2
Loftware Spectrum	Version 4.6 hotfix3
Loftware Spectrum	Version 4.6 hotfix4
Loftware Spectrum	Version 4.6 hotfix5
Loftware Spectrum	Version 4.6 hotfix7
Loftware Spectrum	Version 4.6 hotfix8
Loftware Spectrum	Version 4.6 hotfix9

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (3)

https://code-white.com

Source: cve@mitre.org

Not Applicable

https://code-white.com/public-vulnerability-list/

Source: cve@mitre.org

Third Party Advisory

https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm

Source: cve@mitre.org

Release Notes

Timeline

No history available yet.