CVE-2023-NNN Unauthenticated Remote Code Execution Vulnerability

A vulnerability was discovered in the web server (backend) component of WithSecure Policy Manager Server and & WithSecure Policy Manager Proxy. An unauthenticated remote user can exploit this perform remote code execution on the client machine.

This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Mitigation: Readme.txt file inside the hotfix7 contains instructions to mitigate risks

NOTE: We have applied for, but not yet received a CVE identifier for this Advisory. We will update the advisory page once we have obtained the CVE number.

WithSecure would like to thank following person for bringing this issue to our attention.

2023-04-05 : Added mitigation steps

Über uns

Was gibt's für Neuigkeiten?

Letzte Aktualisierung

WithSecure™ Elements erreicht 100 % Schutzrate und gewinnt den AV-TEST Best Protection Award 2024

NYDFS 500 vs. DORA: A Comparison for European Financial Institutions

Differences between vulnerability management and exposure management

Understanding Your Attack Surface

Select a language

Europe

North America

Central and South America

Asia - Pacific

Global

Highlights

Ansehen und lesen

Ausgewählte Beiträge

MITRE 2024: Was ist neu und warum sollte es mich interessieren?

Partner werden

Bestandspartner

Partner finden

Partner's corner

MITRE 2024: Welche Neuerungen gibt es, und weshalb sind die Ergebnisse von Bedeutung?

Der europäische Ansatz

Ergebnisorientierte Strategien

Lernen Sie weiter (auf Englisch)

Self-help

Kontakt zum Support

Lassen Sie es uns wissen

Wichtige Neuigkeiten

WithSecure Support

CVE-2023-NNN

More information

Contributors

Jakob Heusinger from Code White

Changelog