VYPR

Polarion ALM

by Polarion

CVEs (6)

  • CVE-2024-23813HigFeb 13, 2024
    risk 0.47cvss 7.3epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V2404.0). The REST API endpoints of doorsconnector of the affected product lacks proper authentication. An unauthenticated attacker could access the endpoints, and potentially execute code.

  • CVE-2024-51445MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The affected application contains a XML External Entity Injection (XXE) vulnerability in the docx import feature. This could allow an authenticated remote attacker to…

  • CVE-2024-51444MedMay 13, 2025
    risk 0.42cvss 6.5epss 0.00

    A vulnerability has been identified in Polarion V2310 (All versions), Polarion V2404 (All versions < V2404.4). The application insufficiently validates user input for database read queries. This could allow an authenticated remote attacker to conduct an SQL injection attack that…

  • CVE-2021-44478MedMar 8, 2022
    risk 0.40cvss 6.1epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V21 R2 P2), Polarion WebClient for SVN (All versions). A cross-site scripting is present due to improper neutralization of data sent to the web page through the SVN WebClient in the affected product. An attacker…

  • CVE-2023-28828MedApr 11, 2023
    risk 0.38cvss 5.9epss 0.01

    A vulnerability has been identified in Polarion ALM (All versions < V22R2). The application contains a XML External Entity Injection (XXE) vulnerability. This could allow an attacker to view files on the application server filesystem.

  • CVE-2022-46265MedDec 13, 2022
    risk 0.35cvss 5.4epss 0.00

    A vulnerability has been identified in Polarion ALM (All versions < V2304.0). The affected application contains a Host header injection vulnerability that could allow an attacker to spoof a Host header information and redirect users to malicious websites.