exploitDog

CVE-2023-47316

Опубликовано: 22 нояб. 2023

Источник: nvd

CVSS3: 5.4

EPSS Низкий

Описание

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.

Ссылки

https://boltonshield.com/en/cve/cve-2023-47316/
Exploit
Third Party Advisory
https://boltonshield.com/en/cve/cve-2023-47316/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*

EPSS

Процентиль: 20%

0.00063

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-rpgw-w8c6-24xw

CVSS3: 5.4

github

около 2 лет назад

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.

EPSS

Процентиль: 20%

0.00063

Низкий

5.4 Medium

CVSS3

Дефекты

CWE-639