CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2023-43762
https://notcve.org/view.php?id=CVE-2023-43762
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. Ciertos productos WithSecure permiten la Ejecución Remota de Código No Autenticado a través del servidor web (backend). Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15. • https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2023-43762 https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511 •
CVSS: 6.1EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43763
https://notcve.org/view.php?id=CVE-2023-43763
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. Ciertos productos WithSecure permiten XSS a través de un parámetro no validado en endpoint. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux. • https://www.withsecure.com/en/support/security-advisories https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •