Vulnerabilities > Prolion > Cryptospike > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-36647 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens. | 7.5 |
| 2023-12-12 | CVE-2023-36648 | Improper Authentication vulnerability in Prolion Cryptospike 3.0.15 Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer). | 8.2 |
| 2023-12-12 | CVE-2023-36650 | Improper Validation of Integrity Check Value vulnerability in Prolion Cryptospike 3.0.15 A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux user on the host system via forged update packages. | 7.2 |
| 2023-12-12 | CVE-2023-36651 | Use of Hard-coded Credentials vulnerability in Prolion Cryptospike 3.0.15 Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and consume the most privileged REST API endpoints via these credentials. | 7.2 |
| 2023-12-12 | CVE-2023-36646 | Incorrect Authorization vulnerability in Prolion Cryptospike 3.0.15 Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation. | 8.8 |