4 matches found
CVE-2022-38162
CVE-2022-38162 describes a reflected XSS in WithSecure’s F-Secure Policy Manager caused by an unvalidated parameter in a vulnerable endpoint. Affected software is WithSecure/Policy Manager (versions up to 2022-08-10 per sources). The vulnerability enables remote attackers to inject malicious inpu...
CVE-2022-38165
The CVE-2022-38165 entry concerns Arbitrary file write in F-Secure Policy Manager (and WithSecure rebrand) prior to 2022-08-10. An unauthenticated attacker could write arbitrary files to arbitrary locations on the Policy Manager Server. Publicly available connected documents corroborate the flaw’...
CVE-2023-43763
CVE-2023-43763 affects WithSecure Policy Manager 15 on Windows and Linux. The issue—an XSS vulnerability—stems from an unvalidated parameter in a web endpoint, indicating insufficient input validation in the affected component. The CVSS 3.1 base score is 6.1 (MEDIUM) with Network access, Low conf...
CVE-2023-43762
CVE-2023-43762 affects WithSecure Policy Manager 15 and Policy Manager Proxy 15, allowing unauthenticated remote code execution via the web server (backend). The Red Hat, NVD, and CN literature corroborate this description across multiple feeds. The core issue is an unauthenticated RCE path reach...