2 vulnerabilities found for policy_manager_proxy by withsecure
CVE-2023-43762 (GCVE-0-2023-43762)
Vulnerability from cvelistv5 – Published: 2023-09-22 00:00 – Updated: 2024-09-25 15:55
Summary
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| withsecure | f-secure_policy_manager | Affected: 15.00 `cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*` | |
| withsecure | f-secure_policy_manager | Affected: 15.00 `cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*` | |
| withsecure | policy_manager_proxy | Affected: 15.00 `cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*` | |
| withsecure | policy_manager_proxy | Affected: 15.00 `cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*` | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "f-secure_policy_manager",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "f-secure_policy_manager",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "policy_manager_proxy",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "policy_manager_proxy",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:16:41.660352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:55:58.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:43:16.613Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43762",
"datePublished": "2023-09-22T00:00:00.000Z",
"dateReserved": "2023-09-22T00:00:00.000Z",
"dateUpdated": "2024-09-25T15:55:58.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2023-43762 (GCVE-0-2023-43762)
Vulnerability from nvd – Published: 2023-09-22 00:00 – Updated: 2024-09-25 15:55
Summary
Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- n/a
Assigner
References
Impacted products
4 products
| Vendor | Product | Version | |
|---|---|---|---|
| withsecure | f-secure_policy_manager | Affected: 15.00 `cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*` | |
| withsecure | f-secure_policy_manager | Affected: 15.00 `cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*` | |
| withsecure | policy_manager_proxy | Affected: 15.00 `cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*` | |
| withsecure | policy_manager_proxy | Affected: 15.00 `cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*` | |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T19:52:10.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"
},
{
"tags": [
"x_transferred"
],
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"
}
],
"title": "CVE Program Container"
},
{
"affected": [
{
"cpes": [
"cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "f-secure_policy_manager",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:f-secure_policy_manager:15.00:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "f-secure_policy_manager",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:linux_kernel:*:*"
],
"defaultStatus": "unknown",
"product": "policy_manager_proxy",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
},
{
"cpes": [
"cpe:2.3:a:withsecure:policy_manager_proxy:15.00:*:*:*:*:windows:*:*"
],
"defaultStatus": "unknown",
"product": "policy_manager_proxy",
"vendor": "withsecure",
"versions": [
{
"status": "affected",
"version": "15.00"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-43762",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-25T15:16:41.660352Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-25T15:55:58.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-10-13T15:43:16.613Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "https://www.withsecure.com/en/support/security-advisories"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511"
},
{
"url": "https://www.withsecure.com/en/support/security-advisories/cve-2023-43762"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-43762",
"datePublished": "2023-09-22T00:00:00.000Z",
"dateReserved": "2023-09-22T00:00:00.000Z",
"dateUpdated": "2024-09-25T15:55:58.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}