Siemens

Polarion Alm

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
5.3

CVE-2024-51447

  • EPSS 0.06%
  • Veröffentlicht 13.05.2025 09:38:25
  • Zuletzt bearbeitet 22.08.2025 20:32:20

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.2). The login implementation of the affected application contains an observable response discrepancy vulnerability when validating usernames. T...

5.4

CVE-2024-51446

  • EPSS 0.07%
  • Veröffentlicht 13.05.2025 09:38:24
  • Zuletzt bearbeitet 23.09.2025 15:29:14

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The file upload feature of the affected application improperly sanitizes xml files. This could allow an authenticated remote attacker to co...

6.5

CVE-2024-51445

  • EPSS 0.1%
  • Veröffentlicht 13.05.2025 09:38:22
  • Zuletzt bearbeitet 23.09.2025 15:34:45

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authe...

6.5

CVE-2024-51444

  • EPSS 0.09%
  • Veröffentlicht 13.05.2025 09:38:21
  • Zuletzt bearbeitet 23.09.2025 15:38:34

A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct...

6.5

CVE-2024-33647

  • EPSS 0.14%
  • Veröffentlicht 14.05.2024 16:17:21
  • Zuletzt bearbeitet 27.08.2025 22:15:36

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The Apache Lucene based query engine in the affected application lacks proper access controls. This could allow an authenticated user to query items beyond the user's allow...

9.8

CVE-2024-23813

  • EPSS 0.14%
  • Veröffentlicht 13.02.2024 09:15:50
  • Zuletzt bearbeitet 21.11.2024 08:58:28

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execut...

7.8

CVE-2023-50236

  • EPSS 0.03%
  • Veröffentlicht 13.02.2024 09:15:46
  • Zuletzt bearbeitet 21.11.2024 08:36:43

A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The affected product is vulnerable due to weak file and folder permissions in the installation path. An attacker with local access could exploit this vulnerability to escal...

5.9

CVE-2023-28828

  • EPSS 0.15%
  • Veröffentlicht 11.04.2023 10:15:18
  • Zuletzt bearbeitet 21.11.2024 07:56:06

A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

5.4

CVE-2022-46265

  • EPSS 0.63%
  • Veröffentlicht 13.12.2022 16:15:25
  • Zuletzt bearbeitet 21.11.2024 07:30:18

A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious webs...

6.1

CVE-2021-44478

  • EPSS 0.81%
  • Veröffentlicht 08.03.2022 12:15:11
  • Zuletzt bearbeitet 21.11.2024 06:31:02

A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the ...