Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
References
Link | Resource |
---|---|
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 | Exploit Third Party Advisory |
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:10
Type | Values Removed | Values Added |
---|---|---|
References | () https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648 - Exploit, Third Party Advisory |
13 Dec 2023, 23:38
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-12-12 01:15
Updated : 2024-11-21 08:10
NVD link : CVE-2023-36648
Mitre link : CVE-2023-36648
CVE.ORG link : CVE-2023-36648
JSON object : View
Products Affected
prolion
- cryptospike
CWE
CWE-287
Improper Authentication