Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.
References
Link | Resource |
---|---|
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646 | Exploit Third Party Advisory |
Configurations
History
13 Dec 2023, 20:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 00:15
Updated : 2024-02-28 20:54
NVD link : CVE-2023-36646
Mitre link : CVE-2023-36646
CVE.ORG link : CVE-2023-36646
JSON object : View
Products Affected
prolion
- cryptospike
CWE
CWE-863
Incorrect Authorization