CVE-2023-36647:

0.0 CVSS

Description

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

Classification

CVE ID: CVE-2023-36647

CVSS Base Severity: LOW

CVSS Base Score: 0.0

Affected Products

Vendor: n/a

Product: n/a

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 43.12% (scored less or equal to compared to others)

EPSS Date: 2025-02-03 (when was this score calculated)

References

https://www.cvcn.gov.it/cvcn/cve/CVE-2023-36647

Timeline

2024-11-27 14:41:12 UTC
CVE