Description
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
References (1)
Core 1
Core References
Exploit, Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648
Scores
CVSS v3
8.2
EPSS
0.0098
EPSS Percentile
57.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Details
CWE
CWE-287
Status
published
Products (1)
prolion/cryptospike
3.0.15 p2
Published
Dec 12, 2023
Tracked Since
Feb 18, 2026