exploitDog

CVE-2023-36648

Опубликовано: 12 дек. 2023

Источник: nvd

CVSS3: 8.2

EPSS Низкий

Описание

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

Ссылки

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648
Exploit
Third Party Advisory
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36648
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*

EPSS

Процентиль: 69%

0.00591

Низкий

8.2 High

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-fqh7-w8jc-qqjj

CVSS3: 8.2

github

около 2 лет назад

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

EPSS

Процентиль: 69%

0.00591

Низкий

8.2 High

CVSS3

Дефекты

CWE-287