8.2

CVE-2023-36648

Exploit

EPSS 0.59%
Veröffentlicht 12.12.2023 01:15:10
Zuletzt bearbeitet 21.11.2024 08:10:12
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Prolion ≫ Cryptospike Version3.0.15 Updatep2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.59%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.2	3.9	4.2	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-36648

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-36648

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-36648

EUVD