Loftware Spectrum through 4.6 has unprotected JMX Registry.
JMX is a mechanism for managing Java applications that enables monitoring and control of components of a running process. In Loftware Spectrum, the JMX registry is accessible without requiring authentication, which means that anyone with network access to the server can connect to this registry. An attacker can use this to perform management operations, inject code, or manipulate the running application process. The lack of access control (CWE-284) causes the application's security boundary to be effectively bypassed.
An unauthenticated remote attacker can gain full control over the Loftware Spectrum instance, potentially leading to disclosure of confidential data, modification of configuration, or execution of arbitrary code on the server (RCE).
Patches available from the vendor should be applied according to the references. As a temporary measure, it is recommended to restrict network access to JMX registry ports exclusively to trusted hosts using a firewall, and to enable authentication and SSL/TLS encryption for JMX connections.
Loftware Spectrum in versions up to and including 4.6
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLoftware Spectrum
APPLoftware≤ 4.6
Related vulnerabilities
Loftware Spectrum — zakodowane na stałe hasło (Hard-coded Password)
Niebezpieczna deserializacja danych w Loftware Spectrum przed wersją 4.6 HF13
Loftware Spectrum — brak uwierzytelnienia dla krytycznej funkcji (Auth Bypass)
Loftware Spectrum before 4.6 HF14 allows authenticated XXE attacks.
Loftware Spectrum (testDeviceConnection) before 5.1 allows SSRF.