This page lists publicly disclosed CVE vulnerabilities affecting withsecure f-secure_policy_manager (linked via NVD CPE). Each row includes severity scores, summaries, and publication dates to help identify and analyze security issues.
| CVE | Summary | Source | Max CVSS | EPSS % | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2023-43763 | Certain WithSecure products allow XSS via an unvalidated parameter in the endpoint. This affects WithSecure Policy Manager 15 on Windows and Linux. | [email protected] | 6.1 | 0.31% | 2023-09-22 | 2024-11-21 |
| CVE-2023-43762 | Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15. | [email protected] | 9.8 | 1.13% | 2023-09-22 | 2024-11-21 |
| CVE-2022-38165 | Arbitrary file write in F-Secure Policy Manager through 2022-08-10 allows unauthenticated users to write the file with the contents in arbitrary locations on the F-Secure Policy Manager Server. | [email protected] | 9.8 | 0.83% | 2022-11-17 | 2025-04-30 |
| CVE-2022-38162 | Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input. | [email protected] | 6.1 | 0.67% | 2022-10-25 | 2025-05-07 |