prolion cryptospike 3.0.15 vulnerabilities and exploits
CVE-2023-36647 - CVSSv3 7.5 - Prolion Cryptospike 3.0.15
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote malicious users to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
CVE-2023-36648 - CVSSv3 8.2 - Prolion Cryptospike 3.0.15
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
CVE-2023-36649 - CVSSv3 9.1 - Prolion Cryptospike 3.0.15
Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote malicious users to impersonate other users in web management and the REST API by reading JWT tokens from logs (as a Grafana authenticated user) or from the...
CVE-2023-36650 - CVSSv3 7.2 - Prolion Cryptospike 3.0.15
A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows malicious users to execute OS commands as the root Linux user on the host system via forged update packages.
CVE-2023-36651 - CVSSv3 7.2 - Prolion Cryptospike 3.0.15
Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote malicious users to log in to web management as super-admin and consume the most privileged REST API endpoints via these credentials.
CVE-2023-36652 - CVSSv3 4.3 - Prolion Cryptospike 3.0.15
A SQL injection in the user-search REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated malicious users to read database data via SQL commands injected in the search parameter.
CVE-2023-36654 - CVSSv3 6.5 - Prolion Cryptospike 3.0.15
Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated malicious users to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters.
CVE-2023-36646 - CVSSv3 8.8 - Prolion Cryptospike 3.0.15
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.
CVE-2023-36655 - CVSSv3 9.8 - Prolion Cryptospike 3.0.15
The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the user store) allows a remote blocked user to log in and obtain an authentication token by specifying a username with a different uppercase/lowercase character combination.