CVE-2023-36648 : Missing authentication in the internal data streaming system in ProLion CryptoSp

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

Published 2023-12-12 01:15:10

Updated 2023-12-13 23:38:18

Source MITRE

View at NVD, CVE.org

Vulnerability category: BypassGain privilege

Products affected by CVE-2023-36648

Prolion » Cryptospike » Version: 3.0.15 Update P2
cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-36648

EPSS FAQ

0.33%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 55 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-36648

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
8.2	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H	3.9	4.2	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: None Availability: High

CWE ids for CVE-2023-36648

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-36648

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648

CVCN
Exploit;Third Party Advisory

Jump to

Vulnerability Details : CVE-2023-36648

Products affected by CVE-2023-36648

Exploit prediction scoring system (EPSS) score for CVE-2023-36648

CVSS scores for CVE-2023-36648

CWE ids for CVE-2023-36648

References for CVE-2023-36648