Skip to main content

F Secure Policy Manager

4 CVEs product

Monthly

CVE-2023-43763 MEDIUM This Month

Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.3%
CVE-2023-43762 CRITICAL Act Now

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Policy Manager Policy Manager Proxy
NVD
CVSS 3.1
9.8
EPSS
1.1%
CVE-2022-38165 CRITICAL Act Now

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal F Secure Policy Manager
NVD
CVSS 3.1
9.8
EPSS
0.8%
CVE-2022-38162 MEDIUM This Month

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS F Secure Policy Manager
NVD
CVSS 3.1
6.1
EPSS
0.7%
EPSS 0% CVSS 6.1
MEDIUM This Month

Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Microsoft F Secure Policy Manager
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

RCE F Secure Policy Manager Policy Manager Proxy
NVD
EPSS 1% CVSS 9.8
CRITICAL Act Now

Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Path Traversal F Secure Policy Manager
NVD
EPSS 1% CVSS 6.1
MEDIUM This Month

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS F Secure Policy Manager
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy