Vulnerabilities > F Secure

DATE CVE VULNERABILITY TITLE RISK
2018-02-16 CVE-2018-6324 Open Redirect vulnerability in F-Secure Radar 3.9.1
F-Secure Radar (on-premises) before 2018-02-15 has an Unvalidated Redirect via the ReturnUrl parameter that triggers upon a user login.
network
low complexity
f-secure CWE-601
6.1
2018-02-16 CVE-2018-6189 Cross-site Scripting vulnerability in F-Secure Radar 3.9.1
F-Secure Radar (on-premises) before 2018-02-15 has XSS via vectors involving the Tags parameter in the JSON request body in an outbound request for the /api/latest/vulnerabilityscans/tags/batch resource, aka a "suggested metadata tags for assets" issue.
network
low complexity
f-secure CWE-79
6.1
2017-08-02 CVE-2015-8264 Untrusted Search Path vulnerability in F-Secure Online Scanner
Untrusted search path vulnerability in F-Secure Online Scanner allows remote attackers to execute arbitrary code and conduct DLL hijacking attacks via a Trojan horse DLL that is located in the same folder as F-SecureOnlineScanner.exe.
local
low complexity
f-secure CWE-426
7.8
2017-03-11 CVE-2017-6466 Improper Input Validation vulnerability in F-Secure Software Updater 2.20
F-Secure Software Updater 2.20, as distributed in several F-Secure products, downloads installation packages over plain http and does not perform file integrity validation after download.
network
high complexity
f-secure CWE-20
8.1