A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
History

Tue, 26 Nov 2024 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-12-12T00:00:00

Updated: 2024-11-26T17:57:33.429Z

Reserved: 2023-06-25T00:00:00

Link: CVE-2023-36647

cve-icon Vulnrichment

Updated: 2024-08-02T16:52:53.997Z

cve-icon NVD

Status : Modified

Published: 2023-12-12T01:15:10.010

Modified: 2024-11-21T08:10:11.410

Link: CVE-2023-36647

cve-icon Redhat

No data.