CVE-2023-50236

EPSS 0.03%
Published 13.02.2024 09:15:46
Last modified 21.11.2024 08:36:43
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escalate privileges to NT AUTHORITY\SYSTEM.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Polarion Alm Version < 2404.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.03%	0.072

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
productcert@siemens.com	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-276 Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

https://cert-portal.siemens.com/productcert/html/ssa-871717.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-50236

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50236

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50236

EUVD