CVE-2023-47316

{"id": "CVE-2023-47316", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2023-11-22T17:15:22.490", "references": [{"url": "https://boltonshield.com/en/cve/cve-2023-47316/", "tags": ["Exploit", "Third Party Advisory"], "source": "cve@mitre.org"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls."}, {"lang": "es", "value": "Headwind MDM Web panel 5.22.1 es vulnerable a un control de acceso incorrecto. El panel web permite a los usuarios obtener acceso a llamadas API potencialmente confidenciales, como listas de usuarios y sus datos, llamadas API de administraci\u00f3n de archivos y llamadas API relacionadas con auditor\u00edas."}], "lastModified": "2023-11-30T05:33:57.420", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:h-mdm:headwind_mdm:5.22.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "74956AFE-5BBC-40AA-97A4-61F4E2A595FC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}