Lucene search
K

66 matches found

NVD
NVD
added 2023/12/12 1:15 a.m.14 views

CVE-2023-36652

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...

4.3CVSS0.00598EPSS
Exploits1References1
Prion
Prion
added 2023/12/12 1:15 a.m.15 views

Hardcoded credentials

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

5CVSS7.6AI score0.00754EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/12/12 1:15 a.m.18 views

Authentication flaw

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka as consumer and producer...

6.4CVSS7.1AI score0.0098EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/12/12 1:15 a.m.17 views

Sql injection

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...

4CVSS8.2AI score0.00598EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/12/12 1:15 a.m.19 views

Directory traversal

Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys associated with a Linux root user by injecting paths inside REST API endpoint parameters...

4CVSS6.8AI score0.01241EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/12/12 1:15 a.m.16 views

Authentication flaw

Insertion of sensitive information in the centralized Grafana logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate other users in web management and the REST API by reading JWT tokens from logs as a Granafa authenticated user or from the Loki REST API without...

6.4CVSS6.7AI score0.00879EPSS
Exploits1References1Affected Software1
Prion
Prion
added 2023/12/12 1:15 a.m.15 views

Input validation

A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages...

5.8CVSS7.7AI score0.00392EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2023/12/12 12:15 a.m.16 views

CVE-2023-36646

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation...

8.8CVSS0.00847EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/12/12 12:15 a.m.3 views

CVE-2023-36646

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation...

8.8CVSS7.5AI score0.00847EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.5 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from hidden and hard-coded credentials...

7.2CVSS6.9AI score0.00996EPSS
Exploits1References2
CVE
CVE
added 2023/12/12 12:0 a.m.33 views

CVE-2023-36651

Summary: CVE-2023-36651 affects ProLion CryptoSpike 3.0.15P2. The issue arises from hidden and hard-coded credentials that let remote attackers log in to web management as super-admin and access the most privileged REST API endpoints. The available sources consistently describe the vulnerability ...

7.2CVSS6.9AI score0.00996EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.15 views

CVE-2023-36647

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens...

7.9AI score0.00754EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.5 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2, which stems from incorrect user role checking in multiple REST API endpoints, allowing a low-privileged remote attacker to perform...

8.8CVSS7.1AI score0.00847EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.3 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from directory traversal in the Log Download REST API endpoint...

6.5CVSS6.9AI score0.01241EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.5 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that originates from the insertion of sensitive information in a centralized Grafana logging system...

9.1CVSS6.5AI score0.00879EPSS
Exploits1References2
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.6 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from a lack of authentication in the internal data flow system...

8.2CVSS7AI score0.0098EPSS
Exploits1References2
Cvelist
Cvelist
added 2023/12/12 12:0 a.m.20 views

CVE-2023-36652

A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter...

5.5AI score0.00598EPSS
Exploits1References1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.7 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from the use of hard-coded encrypted private keys that sign JWT authentication tokens...

7.5CVSS7AI score0.00754EPSS
Exploits1References2
CVE
CVE
added 2023/12/12 12:0 a.m.38 views

CVE-2023-36648

The CVE-2023-36648 issue affects ProLion CryptoSpike 3.0.15P2, where missing authentication in the internal data streaming system allows remote unauthenticated access to Apache Kafka as a consumer or producer. This exposes potentially sensitive information and can cause denial of service by direc...

8.2CVSS8AI score0.0098EPSS
Exploits1References1Affected Software1
CNNVD
CNNVD
added 2023/12/12 12:0 a.m.5 views

ProLion CryptoSpike Security Vulnerability

ProLion CryptoSpike is ProLion's solution for detecting and combating suspicious activity. A security vulnerability exists in ProLion CryptoSpike version 3.0.15P2 that stems from SQL injection when a user searches a REST API endpoint...

4.3CVSS7.9AI score0.00598EPSS
Exploits1References2
Rows per page
Query Builder