CVE-2023-43762

EUVD-2023-48139
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CISA-ADPADP
9.8 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
Affected Products (NVD)
VendorProductVersion
withsecuref-secure_policy_manager
15.00
withsecuref-secure_policy_manager
15.00
withsecurepolicy_manager_proxy
15.00
withsecurepolicy_manager_proxy
15.00
𝑥
= Vulnerable software versions
References
https://www.withsecure.com/en/support/security-advisories
https://www.withsecure.com/en/support/security-advisories/cve-2023-43762
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511
https://www.withsecure.com/en/support/security-advisories
https://www.withsecure.com/en/support/security-advisories/cve-2023-43762
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511