CVE-2023-36648

Name of the Vulnerable Software and Affected Versions ProLion CryptoSpike version 3.0.15P2

Description The issue is related to missing authentication in the internal data streaming system, allowing remote unauthenticated users to read potentially sensitive information and deny service to users. This is achieved by directly reading and writing data in Apache Kafka, where the attacker can act as both a consumer and a producer.

Recommendations For ProLion CryptoSpike version 3.0.15P2, consider implementing proper authentication mechanisms for the internal data streaming system to prevent unauthorized access. As a temporary workaround, restrict access to the Apache Kafka system to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.