Unauthenticated Remote Data Access and Denial of Service in ProLion CryptoSpike 3.0.15P2
CVE-2023-36648 · HIGH Severity
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H
Missing authentication in the internal data streaming system in ProLion CryptoSpike 3.0.15P2 allows remote unauthenticated users to read potentially sensitive information and deny service to users by directly reading and writing data in Apache Kafka (as consumer and producer).
Learn more about our Cis Benchmark Audit For Apache Http Server.