CVE-2023-37231

Published: Sep 10, 2024Modified: May 29, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

Loftware Spectrum before 4.6 HF14 uses a Hard-coded Password.

Affected (14)

Products: Loftware: Spectrum

1 product

Configuration A

14 vulnerable

Vulnerable Software	Affected Versions
Loftware Spectrum	Before 4.6
Loftware Spectrum	Version 4.6
Loftware Spectrum	Version 4.6 feature_pack6
Loftware Spectrum	Version 4.6 hotfix10
Loftware Spectrum	Version 4.6 hotfix12
Loftware Spectrum	Version 4.6 hotfix13
Loftware Spectrum	Version 4.6 hotfix1
Loftware Spectrum	Version 4.6 hotfix2
Loftware Spectrum	Version 4.6 hotfix3
Loftware Spectrum	Version 4.6 hotfix4
Loftware Spectrum	Version 4.6 hotfix5
Loftware Spectrum	Version 4.6 hotfix7
Loftware Spectrum	Version 4.6 hotfix8
Loftware Spectrum	Version 4.6 hotfix9

Related CWEs

Use of Hard-coded Password

The product contains a hard-coded password, which it uses for its own inbound authentication or for outbound communication to external components.

References (3)

https://code-white.com

Source: cve@mitre.org

Not Applicable

https://code-white.com/public-vulnerability-list/

Source: cve@mitre.org

Third Party Advisory

https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF14.htm

Source: cve@mitre.org

Release Notes

Timeline

No history available yet.