Podatność CVE-2023-36646
Publikacja: 2023-12-12   Modyfikacja: 2023-12-14

Opis:
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

Typ:

CWE-863

 (Incorrect Authorization)

Affected software
Prolion -> Cryptospike 

 Referencje:
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646
Copyright 2024, cxsecurity.com

 

Back to Top