CVE-2023-36648

CVSS 3.1 Score 8.2 of 10 (high)

Details

Published Dec 12, 2023

Updated: Dec 13, 2023

CWE ID 287

Summary

CVE-2023-36648 is a vulnerability affecting ProLion CryptoSpike 3.0.15P2's internal data streaming system. This issue results in missing authentication, enabling unauthenticated remote users to read potentially sensitive information and cause denial-of-service (DoS) attacks. These attacks can be carried out by directly manipulating data in Apache Kafka as both consumers and producers.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

ProLion CryptoSpike

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/rx6yej
https://www.cve.org/CVERecord?id=CVE-2023-36648
https://nvd.nist.gov/vuln/detail/CVE-2023-36648

Back to Vulnerability Database

CVE-2023-36648

CVSS 3.1 Score 8.2 of 10 (high)

Details

Summary

Affected Products

Advisories, Assessments, and Mitigations