Security advisories
From SpinetiX Support Wiki
This page relates to the security of SpinetiX players.
Introduction
SpinetiX is committed to customer safety and the ongoing security of our products. We allocate resources to fix and patch vulnerabilities as soon as they are discovered by internal tests, researchers, or customers. To protect users, SpinetiX does not publicly announce security vulnerabilities until fixes are publicly available; once fixes are available, vulnerabilities shall be announced on this website.
Report Vulnerabilities
To report security issues that affect SpinetiX products, please contact: security@spinetix.com.
Please note that this e-mail address is used for monitoring potential product security issues. Generally speaking, we won’t reply to incoming e-mail messages unless further information is required.
Security Updates
Advisory | Subject | Severity | Status | Last Updated |
---|---|---|---|---|
SpinetiX-SA-21:03 | Session fixation on the player web interface | High | Solved | July 2, 2021 |
SpinetiX-SA-21:02 | Improper authorization checks on RPC calls | High | Solved | July 2, 2021 |
SpinetiX-SA-21:01 | Deprecated HTML engine on HMP350, HMP300 and DiVA | Medium | Will not fix | June 2, 2021 |
SpinetiX-SA-20:01 | RSS proxy server-side request forgery (SSRF) and path traversal | Medium | Solved | March 27, 2021 |