CVE-2024-51447

EPSS 0.06%
Published 13.05.2025 09:38:25
Last modified 22.08.2025 20:32:20
Source productcert@siemens.com
Teams watchlist Login
Open Login

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

Affected products Warnungen 0 Metrics 3 CWE 1 References 4

Data is provided by the National Vulnerability Database (NVD)

Siemens ≫ Polarion Alm Version >= 2404 < 2410

Siemens ≫ Polarion Alm Version2310

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
productcert@siemens.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
productcert@siemens.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://cert-portal.siemens.com/productcert/html/ssa-162255.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51447

EUVD