Lucene search
+L
ProlionCryptospike

9 matches found

CVE
CVE
added 2023/12/12 12:0 a.m.45 views

CVE-2023-36652

CVE-2023-36652 describes a SQL injection in ProLion CryptoSpike 3.0.15P2's users searching REST API endpoint. The underlying issue is unsafely constructed SQL in the search parameter, allowing remote authenticated attackers to read database data. Affected product: ProLion CryptoSpike (version 3.0...

4.3CVSS5.2AI score0.00598EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.43 views

CVE-2023-36649

ProLion CryptoSpike 3.0.15P2 is affected by an authentication/authorization issue arising from insertion of sensitive information into the centralized Grafana logging system, enabling remote attackers to impersonate other users in web management and REST API by reading JWT tokens from logs or the...

9.1CVSS8.8AI score0.00879EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.40 views

CVE-2023-36654

ProLion CryptoSpike 3.0.15P2 contains a directory-traversal vulnerability in the log-download REST API endpoint. By injecting paths into API parameters, remote authenticated attackers can download SSH private keys from the host server (root-owned). Root cause: path traversal in the log-download e...

6.5CVSS6.1AI score0.01241EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.38 views

CVE-2023-36648

The CVE-2023-36648 issue affects ProLion CryptoSpike 3.0.15P2, where missing authentication in the internal data streaming system allows remote unauthenticated access to Apache Kafka as a consumer or producer. This exposes potentially sensitive information and can cause denial of service by direc...

8.2CVSS8AI score0.0098EPSS
CVE
CVE
added 2023/12/06 12:0 a.m.38 views

CVE-2023-36655

ProLion CryptoSpike 3.0.15P2 exposes a login REST API weakness when LDAP/AD is used as the user store: a remote blocked user can obtain an authentication token by supplying a username with mixed upper/lowercase. The issue is documented in CVE-2023-36655 across multiple feeds (NVD, CVE lists, vend...

9.8CVSS9.4AI score0.00985EPSS
CVE
CVE
added 2023/12/11 12:0 a.m.35 views

CVE-2023-36646

CVE-2023-36646 affects ProLion CryptoSpike 3.0.15P2. The issue is incorrect user role checking in multiple REST API endpoints, enabling a remote attacker with low privileges to call privileged functions and achieve privilege escalation via REST endpoint invocation. The NVD entry rates the impact ...

8.8CVSS8.8AI score0.00847EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.35 views

CVE-2023-36647

Summary: CVE-2023-36647 affects ProLion CryptoSpike 3.0.15P2, where a hard-coded cryptographic private key is used to sign JWTs, enabling remote impersonation of users/roles in web management and REST API endpoints. The vulnerability arises from the use of a private key embedded in the product, e...

7.5CVSS7.7AI score0.00754EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.34 views

CVE-2023-36650

CVE-2023-36650 concerns ProLion CryptoSpike 3.0.15P2, where a missing integrity check in the software’s update system allows an attacker to run OS commands as root on the host via forged updates. The vulnerability affects the update mechanism (update system) and the root-level impact is described...

7.2CVSS7.2AI score0.00392EPSS
CVE
CVE
added 2023/12/12 12:0 a.m.34 views

CVE-2023-36651

Summary: CVE-2023-36651 affects ProLion CryptoSpike 3.0.15P2. The issue arises from hidden and hard-coded credentials that let remote attackers log in to web management as super-admin and access the most privileged REST API endpoints. The available sources consistently describe the vulnerability ...

7.2CVSS6.9AI score0.00996EPSS