CVE-2023-43762
Description
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Unauthenticated remote code execution vulnerability in WithSecure Policy Manager 15 and Policy Manager Proxy 15 via the web server backend.
Vulnerability
The vulnerability resides in the web server (backend) component of WithSecure Policy Manager Server and WithSecure Policy Manager Proxy, both version 15. An unauthenticated remote attacker can exploit this flaw to execute arbitrary code on the target system. [2]
Exploitation
An attacker can send specially crafted requests to the vulnerable web server without any authentication. No user interaction is required. The advisory notes that no known exploit has been seen in the wild. [2]
Impact
Successful exploitation allows remote code execution on the client machine, potentially leading to full compromise of the affected system. [2]
Mitigation
WithSecure has released a hotfix (hotfix7) that includes mitigation instructions in the Readme.txt file. Users should apply the hotfix as soon as possible. [2]
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- WithSecure/WithSecure Policy Managerdescription
- Range: =15
- Range: =15
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
3News mentions
0No linked articles in our index yet.