Certain WithSecure products allow Unauthenticated Remote Code Execution via the web server (backend). This affects WithSecure Policy Manager 15 and Policy Manager Proxy 15.
https://www.withsecure.com/en/support/security-advisories/cve-2023-nnn511
https://www.withsecure.com/en/support/security-advisories/cve-2023-43762