CVE-2018-6189

Name of the Vulnerable Software and Affected Versions F-Secure Radar (on-premises) versions prior to 2018-02-15

Description The issue involves a problem with suggested metadata tags for assets. It is related to an outbound request for the "/api/latest/vulnerabilityscans/tags/batch" API endpoint, where the Tags parameter in the JSON request body is vulnerable.

Recommendations For versions prior to 2018-02-15, update to a version released after 2018-02-15 to resolve the issue. As a temporary workaround, consider restricting access to the "/api/latest/vulnerabilityscans/tags/batch" API endpoint to minimize the risk of exploitation. Avoid using the Tags parameter in this endpoint until the issue is resolved.