CVE-2023-36648

Published: Dec 12, 2023Modified: Nov 21, 2024

8.2

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Exploitability: 3.9 / Impact: 4.2

Source: NVD

Description

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

Affected (1)

Products: Prolion: Cryptospike

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Prolion Cryptospike	Version 3.0.15 p2

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648

Source: cve@mitre.org

ExploitThird Party Advisory

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.