Incorrect Access Control in Headwind MDM Web Panel 5.22.1 Allows Unauthorized API Access

Incorrect Access Control in Headwind MDM Web Panel 5.22.1 Allows Unauthorized API Access

CVE-2023-47316 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. The Web panel allows users to gain access to potentially sensitive API calls such as listing users and their data, file management API calls and audit-related API calls.

Learn more about our Web App Pen Testing.