VYPR

F-Secure Policy Manager

by WithSecure

CVEs (4)

  • CVE-2023-43762CriSep 22, 2023
    risk 0.64cvss 9.8epss 0.01

    Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.

  • CVE-2022-38165CriNov 17, 2022
    risk 0.64cvss 9.8epss 0.01

    Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server.

  • CVE-2023-43763MedSep 22, 2023
    risk 0.40cvss 6.1epss 0.00

    Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux.

  • CVE-2022-38162MedOct 25, 2022
    risk 0.40cvss 6.1epss 0.01

    Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input.