8.8

CVE-2023-47315

Exploit

EPSS 0.07%
Veröffentlicht 22.11.2023 17:15:22
Zuletzt bearbeitet 21.11.2024 08:30:08
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

H-mdm ≫ Headwind Mdm Version5.22.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.07%	0.222

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-798 Use of Hard-coded Credentials

The product contains hard-coded credentials, such as a password or cryptographic key.

https://boltonshield.com/en/cve/cve-2023-47315/

Third Party Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2023-47315

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-47315

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-47315

EUVD