CVE-2023-36648

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
References
Link Resource
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 Exploit Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*

History

21 Nov 2024, 08:10

Type Values Removed Values Added
References () https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 - Exploit, Third Party Advisory () https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 - Exploit, Third Party Advisory

13 Dec 2023, 23:38

Type Values Removed Values Added
New CVE

Information

Published : 2023-12-12 01:15

Updated : 2024-11-21 08:10


NVD link : CVE-2023-36648

Mitre link : CVE-2023-36648

CVE.ORG link : CVE-2023-36648


JSON object : View

Products Affected

prolion

  • cryptospike
CWE
CWE-287

Improper Authentication