CVE-2023-37227

CRITICAL

Loftware Spectrum < 4.6 - Insecure Deserialization

Title source: rule

Description

Loftware Spectrum before 4.6 HF13 Deserializes Untrusted Data.

References (3)

[Not Applicable] https://code-white.com

[Third Party Advisory] https://code-white.com/public-vulnerability-list/

[Release Notes] https://docs.loftware.com/spectrum-releasenotes/Content/Hotfix/4.6_HF13.htm

Scores

CVSS v3 9.8

EPSS 0.0026

EPSS Percentile 48.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Classification

CWE

CWE-502

Status published

Affected Products (13)

loftware/spectrum < 4.6

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

loftware/spectrum

Timeline

Published Sep 10, 2024

Tracked Since Feb 18, 2026