Unauthenticated Remote Code Execution Vulnerability
A vulnerability was discovered in the web server (backend) component of WithSecure Policy Manager Server and & WithSecure Policy Manager Proxy. An unauthenticated remote user can exploit this perform remote code execution on the client machine.
This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Mitigation: Readme.txt file inside the hotfix7 contains instructions to mitigate risks
WithSecure would like to thank following person for bringing this issue to our attention.
Jakob Heusinger from Code White
2023-04-05 : Added mitigation steps