PT-2023-30409 · Headwind · Headwind Mdm Web Panel

Publicado

2023-11-22

Atualizado

2023-11-30

CVE-2023-47312

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Headwind MDM Web panel version 5.22.1

Description The issue is related to Incorrect Access Control due to Login Credential Leakage via Audit Entries. This allows unauthorized access to sensitive information.

Recommendations For Headwind MDM Web panel version 5.22.1, consider restricting access to audit entries to minimize the risk of exploitation. As a temporary workaround, limit access to the web panel until a fix is available. At the moment, there is no information about a newer version that contains a fix for this issue.

Exploit

Correção

Cleartext Storage of Sensitive Information

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-312

Identificadores relacionados

CVE-2023-47312

Produtos afetados

Headwind Mdm Web Panel

PT-2023-30409 · Headwind · Headwind Mdm Web Panel

CVE-2023-47312

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4