Unauthenticated Remote Code Execution Vulnerability
A vulnerability was discovered in the web server (backend) component of WithSecure Policy Manager Server and & WithSecure Policy Manager Proxy. An unauthenticated remote user can exploit this perform remote code execution on the client machine.
This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.
Mitigation: Readme.txt file inside the hotfix7 contains instructions to mitigate risks
NOTE: We have applied for, but not yet received a CVE identifier for this Advisory. We will update the advisory page once we have obtained the CVE number.
WithSecure would like to thank following person for bringing this issue to our attention.
Jakob Heusinger from Code White
2023-04-05 : Added mitigation steps