CVSS: 10.0EPSS: 2%CPEs: 4EXPL: 0CVE-2023-43762
https://notcve.org/view.php?id=CVE-2023-43762
22 Sep 2023 — Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. Ciertos productos WithSecure permiten la Ejecución Remota de Código No Autenticado a través del servidor web (backend). Esto afecta a WithSecure Policy Manager 15 y Policy Manager Proxy 15. • https://www.withsecure.com/en/support/security-advisories •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2023-43763
https://notcve.org/view.php?id=CVE-2023-43763
22 Sep 2023 — Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. Ciertos productos WithSecure permiten XSS a través de un parámetro no validado en endpoint. Esto afecta a WithSecure Policy Manager 15 en Windows y Linux. • https://www.withsecure.com/en/support/security-advisories • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 10.0EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38165
https://notcve.org/view.php?id=CVE-2022-38165
17 Nov 2022 — Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. La escritura arbitraria de archivos en F-Secure Policy Manager hasta el 10 de agosto de 2022 permite a usuarios no autenticados escribir el archivo con el contenido en ubicaciones arbitrarias en el servidor de F-Secure Policy Manager. • https://www.withsecure.com/en/support/security-advisories/cve-2022-38165 •
CVSS: 6.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-38162
https://notcve.org/view.php?id=CVE-2022-38162
25 Oct 2022 — Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. Se presenta una vulnerabilidad de tipo cross-site scripting (XSS) reflejado en WithSecure hasta el 2022-08-10) dentro de F-Secure Policy Manager debido a un parámetro no comprobado en el endpoint, que permite a atacantes remotos proporcionar una entrada maliciosa • https://withsecure.com • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •