Security Advisory

CVE-2023-36647

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2023-12-12 00:00:00

Last updated 2024-11-26 17:57:33

Assigner mitre

State PUBLISHED

Description

A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.

← Browse all CVEs View on cve.org ↗