Vulnerability CVE-2023-36646


Published: 2023-12-12   Modified: 2023-12-14

Description:
Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

Type:

CWE-863

(Incorrect Authorization)

Affected software
Prolion -> Cryptospike 

 References:
https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36646

Copyright 2024, cxsecurity.com

 

Back to Top