exploitDog

CVE-2023-36655

Опубликовано: 06 дек. 2023

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.

Ссылки

https://prolion.com/cryptospike/
Product
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655
Exploit
Third Party Advisory
https://prolion.com/cryptospike/
Product
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:prolion:cryptospike:3.0.15:p2:*:*:*:*:*:*

EPSS

Процентиль: 29%

0.00106

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287

Связанные уязвимости

GHSA-g73w-69mw-5w4x

CVSS3: 9.8

github

около 2 лет назад

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.

EPSS

Процентиль: 29%

0.00106

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-287