High severity7.5NVD Advisory· Published Dec 12, 2023· Updated Jun 17, 2026
CVE-2023-36647
CVE-2023-36647
Description
A hard-coded cryptographic private key used to sign JWT authentication tokens in ProLion CryptoSpike 3.0.15P2 allows remote attackers to impersonate arbitrary users and roles in web management and REST API endpoints via crafted JWT tokens.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- ProLion/CryptoSpikedescription
- Range: 3.0.15P2
Patches
Vulnerability mechanics
References
1- www.cvcn.gov.it/cvcn/cve/CVE-2023-36647nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.