CVE-2024-51447

EPSS 0.06%
Veröffentlicht 13.05.2025 09:38:25
Zuletzt bearbeitet 22.08.2025 20:32:20
Quelle productcert@siemens.com
Teams Watchlist Login
Unerledigt Login

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. This could allow an unauthenticated remote attacker to distinguish between valid and invalid usernames.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Siemens ≫ Polarion Alm Version >= 2404 < 2410

Siemens ≫ Polarion Alm Version2310

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.06%	0.177

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
productcert@siemens.com	5.3	3.9	1.4	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
productcert@siemens.com	6.9	0	0	CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

CWE-204 Observable Response Discrepancy

The product provides different responses to incoming requests in a way that reveals internal state information to an unauthorized actor outside of the intended control sphere.

https://cert-portal.siemens.com/productcert/html/ssa-162255.html

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-51447

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-51447

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-51447

EUVD