There are the following Apache Tomcat vulnerabilities reported, i.e.
Is Spectrum affected by the CVE-2017-5651, CVE-2017-5647, CVE-2017-5650, CVE-2017-5648, CVE-2016-6808 Apache Tomcat vulnerabilities?
Release: SDBSFO99000-10.2-Spectrum-Device Based Suite-Server FOC
Spectrum 10.2.x are using Apache Tomcat 7.0.72. Below vulnerabilities don't affect Tomcat 7.0.72, thus Spectrum is not affected.
Spectrum Engineering has also confirmed that Spectrum is not affected by the following vulnerabilities.
Spectrum 10.2.x is affected by the CVE-2017-5648 vulnerability. This has been addressed in Spectrum 10.3.x