Spectrum 10.2.x are using Apache Tomcat 7.0.72. Below vulnerabilities don't affect Tomcat 7.0.72, thus Spectrum is not affected.
Spectrum Engineering has also confirmed that Spectrum is not affected by the following vulnerabilities.
Spectrum 10.2.x is affected by the CVE-2017-5648 vulnerability. This has been addressed in Spectrum 10.3.x