Vulnerabilities > CVE-2023-36646 - Incorrect Authorization vulnerability in Prolion Cryptospike 3.0.15

CVSS 8.8 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

prolion

CWE-863

NVD

Published: 2023-12-12

Updated: 2023-12-13

Summary

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

Vulnerable Configurations

Part	Description	Count
Application	Prolion Prolion Cryptospike 3.0.15	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646