CVE-2023-36646

Name of the Vulnerable Software and Affected Versions ProLion CryptoSpike version 3.0.15P2

Description The issue is related to incorrect user role checking in multiple REST API endpoints, allowing a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

Recommendations For ProLion CryptoSpike version 3.0.15P2, consider restricting access to the vulnerable REST API endpoints until a patch is available. As a temporary workaround, review and enforce proper user role checking to prevent privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.