PT-2023-5636 · Withsecure · Withsecure Policy Manager
Published
2023-09-21
·
Updated
2023-10-13
·
CVE-2023-43764
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
WithSecure Policy Manager version 15
Description
The issue exists due to insufficient input validation in the WithSecure Policy Manager, allowing an attacker to execute arbitrary code. This can be exploited for unauthenticated remote code execution via the web server backend.
Recommendations
For WithSecure Policy Manager version 15, update to a version that includes a fix for this issue, as the current version allows unauthenticated remote code execution.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Withsecure Policy Manager