Lucene search

[email protected]NVD:CVE-2022-38162

HistoryOct 25, 2022 - 7:15 p.m.

CVE-2022-38162

2022-10-2519:15:11

CWE-79

[email protected]

web.nvd.nist.gov

cve-2022-38162

cross-site scripting

withsecure

f-secure policy manager

remote attackers

malicious input

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Reflected cross-site scripting (XSS) vulnerabilities in WithSecure through 2022-08-10) exists within the F-Secure Policy Manager due to an unvalidated parameter in the endpoint, which allows remote attackers to provide a malicious input.

Affected configurations

NVD

Node

withsecuref-secure_policy_managerMatch-linux_kernel

withsecuref-secure_policy_managerMatch-windows

References

withsecure.com

www.withsecure.com/en/support/security-advisories

www.withsecure.com/en/support/security-advisories/cve-2022-38162?_gl=1%2Adtq2t3%2A_up%2AMQ..%2A_ga%2AMTMxOTM1OTA2MC4xNjY2NzIxMjQ0%2A_ga_B5SG5Y2DHS%2AMTY2NjcyMTI0MS4xLjAuMTY2NjcyMTI0MS4wLjAuMA..

6.1 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

49.7%

JSON

Related for NVD:CVE-2022-38162

cvelist1 cve1 prion1