Security advisories

From SpinetiX Support Wiki


This page relates to the security of SpinetiX players.

Introduction

SpinetiX is committed to customer safety and the ongoing security of our products. We allocate resources to fix and patch vulnerabilities as soon as they are discovered by internal tests, researchers, or customers. To protect users, SpinetiX does not publicly announce security vulnerabilities until fixes are publicly available; once fixes are available, vulnerabilities shall be announced on this website.

Report Vulnerabilities

To report security issues that affect SpinetiX products, please contact: security@spinetix.com.

Please note that this e-mail address is used for monitoring potential product security issues. Generally speaking, we won’t reply to incoming e-mail messages unless further information is required.

Security Updates

| Advisory | Subject | Severity | Status | Last Updated |
|---|---|---|---|---|
| SpinetiX-SA-21:03 | Session fixation on the player web interface | High | Solved | July 2, 2021 |
| SpinetiX-SA-21:02 | Improper authorization checks on RPC calls | High | Solved | July 2, 2021 |
| SpinetiX-SA-21:01 | Deprecated HTML engine on HMP350, HMP300 and DiVA | Medium | Will not fix | June 2, 2021 |
| SpinetiX-SA-20:01 | RSS proxy server-side request forgery (SSRF) and path traversal | Medium | Solved | March 27, 2021 |

This page was last modified on 20 December 2021, at 20:57.