Jakob Heusinger

**Name of the Vulnerable Software and Affected Versions** WithSecure Policy Manager version 15 WithSecure Policy Manager Proxy version 15 **Description** The issue allows Unauthenticated Remote Code Execution via the web server (backend). This is a significant problem as it can be exploited without the need for authentication, potentially leading to severe consequences. **Recommendations** For WithSecure Policy Manager version 15, update to a version that includes a fix for this issue. For WithSecure Policy Manager Proxy version 15, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the web server (backend) to minimize the risk of exploitation.