CVE-2022-38165

Arbitrary file write in F-Secure Policy Manager

More information

A vulnerability was discovered in the F-Secure Policy Manager Server. An unauthenticated user can write a file and its contents to arbitrary locations, which could lead to an arbitrary file write on the F-Secure Policy Manager Server.

This issue was reported to WithSecure through the Vulnerability Reward Program. No known exploit or attack has been seen in the wild.

Fix

User action is required. The Administrator of the system should download the Hotfix and deploy it to the F-Secure Policy Manager.

Hotfix 4 has been published to fix this vulnerability. The download and instructions are available at:

https://www.withsecure.com/en/support/product-support/business-suite/policy-manager#download

Contributors

WithSecure would like to thank the following person for bringing this issue to our attention.

Kevin Joensen


Change log

Date: 12.05.22: F-Secure Policy Manager Proxy is not affected by this vulnerability

  • Status: Fixed
  • Risk level: Medium
  • Affected products: F-Secure Policy Manager for Linux, F-Secure Policy Manager for Windows
  • Platforms: All supported platforms for the affected products
  • Date issued: 2022-11-07