CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2023-36655

The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 29.4%

CVSS Severity

CVSS v3 Score 9.8

References

https://prolion.com/cryptospike/
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655
https://prolion.com/cryptospike/
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36655

Products affected by CVE-2023-36655

Prolion » Cryptospike » Version: 3.0.15

cpe:2.3:a:prolion:cryptospike:3.0.15

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2023-36655

Products

Pricing

Contact Us