PT-2023-28971 · Withsecure · Withsecure Policy Manager Proxy+1

Jakob Heusinger

Publicado

2023-09-21

Atualizado

2024-09-25

CVE-2023-43762

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions WithSecure Policy Manager version 15 WithSecure Policy Manager Proxy version 15

Description The issue allows Unauthenticated Remote Code Execution via the web server (backend). This is a significant problem as it can be exploited without the need for authentication, potentially leading to severe consequences.

Recommendations For WithSecure Policy Manager version 15, update to a version that includes a fix for this issue. For WithSecure Policy Manager Proxy version 15, update to a version that includes a fix for this issue. As a temporary workaround, consider restricting access to the web server (backend) to minimize the risk of exploitation.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2023-43762

Produtos afetados

Withsecure Policy Manager

Withsecure Policy Manager Proxy

PT-2023-28971 · Withsecure · Withsecure Policy Manager Proxy+1

CVE-2023-43762

Identificadores relacionados

Produtos afetados

Referências · 8