Every CVE whose affected-product data names Prolion Cryptospike, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2023-36655 — CVSS 9.8 (critical): The login REST API in ProLion CryptoSpike 3.0.15P2 (when LDAP or Active Directory is used as the users store) allows a remote blocked user…
CVE-2023-36649 — CVSS 9.1 (critical): Insertion of sensitive information in the centralized (Grafana) logging system in ProLion CryptoSpike 3.0.15P2 allows remote attackers to…
CVE-2023-36646 — CVSS 8.8 (high): Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to…
CVE-2023-36648 — CVSS 8.2 (high): Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read…
CVE-2023-36647 — CVSS 7.5 (high): A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to…
CVE-2023-36650 — CVSS 7.2 (high): A missing integrity check in the update system in ProLion CryptoSpike 3.0.15P2 allows attackers to execute OS commands as the root Linux…
CVE-2023-36651 — CVSS 7.2 (high): Hidden and hard-coded credentials in ProLion CryptoSpike 3.0.15P2 allow remote attackers to login to web management as super-admin and…
CVE-2023-36654 — CVSS 6.5 (medium): Directory traversal in the log-download REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to download…
CVE-2023-36652 — CVSS 4.3 (medium): A SQL Injection in the users searching REST API endpoint in ProLion CryptoSpike 3.0.15P2 allows remote authenticated attackers to read…