CVE-2023-47316

Name of the Vulnerable Software and Affected Versions Headwind MDM Web panel version 5.22.1

Description The issue allows users to gain access to potentially sensitive API calls, including listing users and their data, file management API calls, and audit-related API calls, due to incorrect access control.

Recommendations For Headwind MDM Web panel version 5.22.1, consider restricting access to sensitive API calls until a patch is available. As a temporary workaround, limit user permissions to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.