CVE-2023-50236

EPSS 0.03%
Veröffentlicht 13.02.2024 09:15:46
Zuletzt bearbeitet 21.11.2024 08:36:43
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Polarion Alm Version < 2404.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://cert-portal.siemens.com/productcert/html/ssa-871717.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50236

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50236

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50236

EUVD