Vulnerabilities > Withsecure > F Secure Policy Manager

DATE CVE VULNERABILITY TITLE RISK
2023-09-22 CVE-2023-43762 Unspecified vulnerability in Withsecure F-Secure Policy Manager and Policy Manager Proxy
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend).
network
low complexity
withsecure
critical
9.8
2023-09-22 CVE-2023-43763 Cross-site Scripting vulnerability in Withsecure F-Secure Policy Manager 15.00
Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint.
network
low complexity
withsecure CWE-79
6.1
2022-11-17 CVE-2022-38165 Unspecified vulnerability in Withsecure F-Secure Policy Manager
Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server.
network
low complexity
withsecure
critical
9.8
2022-10-25 CVE-2022-38162 Cross-site Scripting vulnerability in Withsecure F-Secure Policy Manager
Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input.
network
low complexity
withsecure CWE-79
6.1