Spectrum 10.2, 10.2.1 are using Apache Tomcat 7.0.72. Below vulnerabilities don't affect Tomcat 7.0.72, thus Spectrum is not affected.
Spectrum Engineering has also confirmed that Spectrum is not affected by the following vulnerabilities.
However Spectrum is affected by CVE-2017-5648 vulnerability. We are tracking this issue internally in ticket US341923, and plan to address this issue in our next release Spectrum, i.e. Spectrum 10.3