Unauthenticated Remote Data Access and Denial of Service in ProLion CryptoSpike 3.0.15P2

Unauthenticated Remote Data Access and Denial of Service in ProLion CryptoSpike 3.0.15P2

CVE-2023-36648 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).

Learn more about our Cis Benchmark Audit For Apache Http Server.