CVE-2023-37233

Summary

CVE-2023-37233 identifies a vulnerability in Loftware Spectrum prior to version 4.6 HF14, which allows authenticated XML External Entity (XXE) attacks. This exploit can compromise the confidentiality, integrity, and availability of affected systems, posing a high security risk with a CVSS score of 8.8. The attack requires low privileges and does not necessitate user interaction, making it easier to exploit over a network. Organizations using vulnerable versions are advised to upgrade to the latest hotfix version to mitigate this risk. Failure to address this vulnerability could lead to significant data breaches and system disruptions.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.