PT-2023-28971 · Withsecure · Withsecure Policy Manager, Withsecure Policy Manager Proxy
Jakob Heusinger · Published 2023-09-21 · Updated 2024-09-25
CVE-2023-43762
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WithSecure Policy Manager version 15
WithSecure Policy Manager Proxy version 15
Description
The issue allows unauthenticated remote code execution via the web server (backend). Because exploitation requires no authentication, anyone who can reach the web server (backend) can potentially trigger it, with severe consequences.
Recommendations
For WithSecure Policy Manager version 15, update to a version that includes a fix for this issue.
For WithSecure Policy Manager Proxy version 15, update to a version that includes a fix for this issue.
As a temporary workaround, consider restricting access to the web server (backend) to minimize the risk of exploitation.
Affected Products
Withsecure Policy Manager
Withsecure Policy Manager Proxy