CVSS Score of 10 (low)


Published Dec 6, 2023
Updated: Dec 12, 2023
CWE ID 287


CVE-2023-36655 is a vulnerability found in the login REST API of ProLion CryptoSpike 3.0.15P2 when LDAP or Active Directory is used as the users store. The vulnerability allows a remote blocked user to login and obtain an authentication token by specifying a username with different uppercase/lowercase character combination. This vulnerability has a high severity rating of 9.8 out of 10, according to NIST's National Vulnerability Database (NVD). It poses a potential danger to organizations as it could result in unauthorized access and compromise the confidentiality and integrity of sensitive information. To remediate this vulnerability, organizations should consider updating their ProLion CryptoSpike software to a version that addresses the issue or implement any patches or fixes provided by the vendor.


Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-36655 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options