Vulnerabilities > Prolion > Medium

| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-12 | CVE-2023-36652 | SQL Injection vulnerability in Prolion Cryptospike 3.0.15. A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read database data via SQL commands injected in the search parameter. Tags: network, low complexity, prolion, CWE-89 | 4.3 |
| 2023-12-12 | CVE-2023-36654 | Path Traversal vulnerability in Prolion Cryptospike 3.0.15. Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download host server SSH private keys (associated with a Linux root user) by injecting paths inside REST API endpoint parameters. Tags: network, low complexity, prolion, CWE-22 | 6.5 |