Lucene search

[email protected]CVE-2023-43763

HistorySep 22, 2023 - 5:15 a.m.

CVE-2023-43763

2023-09-2205:15:09

CWE-79

[email protected]

web.nvd.nist.gov

cve-2023-43763

withsecure

xss

unvalidated parameter

endpoint

policy manager

windows

linux

nvd

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.

Affected configurations

NVD

Node

withsecuref-secure_policy_managerMatch15.00linux_kernel

withsecuref-secure_policy_managerMatch15.00windows

CPENameOperatorVersion
withsecure:f-secure_policy_managerwithsecure f-secure policy managereq15.00

CPE	Name	Operator	Version
withsecure:f-secure_policy_manager	withsecure f-secure policy manager	eq	15.00

References

www.withsecure.com/en/support/security-advisories

www.withsecure.com/en/support/security-advisories/cve-2023-nnn

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.0005 Low

EPSS

Percentile

17.0%

JSON

Related for CVE-2023-43763

cvelist1 nvd1 prion1