Lucene search

[email protected]CVE-2022-38162

HistoryOct 25, 2022 - 7:15 p.m.

CVE-2022-38162

2022-10-2519:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-38162

reflected xss

f-secure policy manager

nvd

security vulnerability

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input.

Affected configurations

NVD

Node

withsecuref-secure_policy_managerMatch-linux_kernel

withsecuref-secure_policy_managerMatch-windows

CPENameOperatorVersion
withsecure:f-secure_policy_managerwithsecure f-secure policy managereq-

CPE	Name	Operator	Version
withsecure:f-secure_policy_manager	withsecure f-secure policy manager	eq	-

References

withsecure.com

www.withsecure.com/en/support/security-advisories

www.withsecure.com/en/support/security-advisories/cve-2022-38162?_gl=1%2Adtq2t3%2A_up%2AMQ..%2A_ga%2AMTMxOTM1OTA2MC4xNjY2NzIxMjQ0%2A_ga_B5SG5Y2DHS%2AMTY2NjcyMTI0MS4xLjAuMTY2NjcyMTI0MS4wLjAuMA..

Social References

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for CVE-2022-38162

nvd1 cvelist1 prion1